Hashing images and other files
Posted on 2011-03-02
What does hashing a file mean in terms of digital forensics. I would much rather some comments as opposed to links. The general gist I got was examiners hash (what tools?) a set of images, and then see if they are elsewhere on other machines? Or get a hash set of known bad/inappropriate images and scan that against a suspect’s machine?
So, how does hashing work in laymans terms. Doesn’t the way an image has been saved, tampered or uploaded to a given site affect that unique hash? Is there anything that can affect the exact same image having one hash when you hash it, and another hash if you find it on a different workstation? And also is hashing only used on certain file types, or can it be used on everything and anything? Also I hear about MD5sum, is that the only type of hash used in forensics? Can you run a hashset over the Internet, or only over a bit image of a device?