Solved

Encase Version 5 - Hash analysis

Posted on 2006-11-27
Last Modified: 2008-01-09
I have to solve a crime related to an extortion incident using Encase version 5 (for educational purposes). I do not know anything about hash analysis.
1. What the heck is it?
2. What does it accomplish?
3. How do I do it?
Question by:sergeiweerasuriya
 
LVL 14

Expert Comment

by:chris_calabrese
ID: 18020831
I'm guessing the meaning here is to take a hash of all the files on the system using e.g. MD5 and then compare against a database of hash values for "interesting" files.

For an extortion case, the database might have hashes for a bunch of documents related to the extortion subject. Then you can use this technique to easily find copies of those documents.

Not sure exactly how you do this in Encase 5.
 

Author Comment

by:sergeiweerasuriya
ID: 18020935
Finding out how to do it in Encase is not difficult, if I knew what files to look for. The documents related to the extortion case are a bunch of email messages. I do not see the point in checking an email message for hash values. Let's say I check the hash value of an email file. If I do so, what would it tell me about that particular file?
 
LVL 14

Expert Comment

by:chris_calabrese
ID: 18021245
Yeah, probably not so useful on an email file as much as on an individual email.

 

Author Comment

by:sergeiweerasuriya
ID: 18021275
What do you mean "not so useful on an email file as much as on an individual email"? What's the difference between an email file and an individual email?
 
LVL 14

Expert Comment

by:chris_calabrese
ID: 18021292
The hash method usually works at the file level. An email file usually has many emails in it.
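The file-level versus per-message distinction from the comments above, as an added example that is not part of any poster's reply and is not EnCase's own feature. It assumes an mbox-format mailbox; the sample messages, the `KNOWN` hash set and all function names are constructed for illustration.

```python
import hashlib
import mailbox
import os
import tempfile
from email.message import EmailMessage

def md5_hex(data: bytes) -> str:
    # MD5 because the thread names it; the lookup logic is the same for SHA-256.
    return hashlib.md5(data).hexdigest()

def body_digest(msg) -> str:
    """Hash only the normalized body, so differing headers do not matter."""
    payload = msg.get_payload(decode=True) or b""   # None for multipart
    lines = [line.rstrip() for line in payload.splitlines()]
    return md5_hex(b"\n".join(lines).strip())

def scan_mbox(path, known):
    """Return (file_level_hit, message_level_hits) for one mbox file."""
    with open(path, "rb") as fh:
        file_hit = md5_hex(fh.read()) in known      # whole mailbox as one file
    hits = []
    box = mailbox.mbox(path, create=False)
    try:
        for key, msg in box.items():                # each email on its own
            digest = body_digest(msg)
            if digest in known:
                hits.append((key, msg["Subject"], known[digest]))
    finally:
        box.close()
    return file_hit, hits

# Constructed sample data: three short messages stored in one mbox file.
SAMPLE = [("Lunch", "Noon on Friday?"),
          ("Final notice", "Pay by Monday or the photos go public."),
          ("Re: Lunch", "Works for me.")]
# Hypothetical known-hash set: digest of text the investigator already holds.
KNOWN = {md5_hex(b"Pay by Monday or the photos go public."): "demand-text"}

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "inbox.mbox")
        box = mailbox.mbox(path)
        for subject, body in SAMPLE:
            m = EmailMessage()
            m["From"], m["To"], m["Subject"] = "a@example.com", "b@example.com", subject
            m.set_content(body)
            box.add(m)
        box.close()                                 # flush to disk before scanning
        return scan_mbox(path, KNOWN)
```

The mailbox file as a whole never matches the known set, because its hash changes whenever any message is added; only hashing each message separately finds the copy.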
 

Author Comment

by:sergeiweerasuriya
ID: 18027452
So when analysing email files, what should I look for? Is it only the contents of the email? Some emails seem quite bizarre to me; for instance, the date created, sent and received appear to be the same (same hour, minute and second).
 
LVL 14

Accepted Solution

by:
chris_calabrese earned 250 total points
ID: 18028401
For an extortion case you'd be looking primarily at content. You'd look at the timestamps and such if you thought that the emails were forged or planted.
 
LVL 4

Assisted Solution

by:SPOued
SPOued earned 250 total points
ID: 18044295
sergeiweerasuriya,
I've used Encase (in testing only), and the "hash" being referred to seems to me to be the value which you need to use when comparing the original data to the duplicated one to ensure integrity. Encase usually works by creating an exact duplicate of the data (without leaving any trace) being investigated. If you're to take a case to court, the court would like to know that the data from which you've acquired evidence has not been altered, meaning you'll need a hash to check the integrity.
So, in a nutshell, hash analysis is just about making sure you have an exact duplicate of the original data...
Hope this helps...