HashKeeper
   HOME

TheInfoList



Click Here for Items Related To - HashKeeper
OR:
HashKeeper on:   [Wikipedia]   [Google]   [Amazon]

HashKeeper is a
database In computing, a database is an organized collection of data stored and accessed electronically. Small databases can be stored on a file system, while large databases are hosted on computer clusters or cloud storage. The design of databases s ...
application of value primarily to those conducting
forensic Forensic science, also known as criminalistics, is the application of science to criminal and civil laws, mainly—on the criminal side—during criminal investigation, as governed by the legal standards of admissible evidence and criminal p ...
examinations of computers on a somewhat regular basis.


Overview

HashKeeper uses the MD5
file File or filing may refer to: Mechanical tools and processes * File (tool), a tool used to ''remove'' fine amounts of material from a workpiece **Filing (metalworking), a material removal process in manufacturing ** Nail file, a tool used to gent ...
signature
algorithm In mathematics and computer science, an algorithm () is a finite sequence of rigorous instructions, typically used to solve a class of specific problems or to perform a computation. Algorithms are used as specifications for performing ...
to establish unique numeric identifiers (hash values) for files "known to be good" and "known to be bad." The HashKeeper application was developed to reduce the amount of time required to examine files on digital media. Once an examiner defines a file as known to be good, the examiner need not repeat that analysis. HashKeeper compares hash values of known to be good files against the hash values of files on a computer system. Where those values match "known to be good" files, the examiner can say, with substantial certainty, that the corresponding files on the computer system have been previously identified as known to be good and therefore do not need to be examined. Where those values match known to be bad files, the examiner can say with substantial certainty that the corresponding files on the system being examined that the files are bad and therefore require further scrutiny. A hash match on known to be bad files does not relieve the examiner of the responsibility of verifying that the file or files are, in fact, of a criminal nature.


History

Created by the
National Drug Intelligence Center The United States National Drug Intelligence Center (NDIC), established in 1993, was a component of the U.S. Department of Justice and a member of the Intelligence Community. ThGeneral Counterdrug Intelligence Plan implemented in February 2000, ...
(NDIC)—a component of the
United States Department of Justice The United States Department of Justice (DOJ), also known as the Justice Department, is a federal executive department of the United States government tasked with the enforcement of federal law and administration of justice in the United Stat ...
—in 1996, it was the first large scale source for hash values of "known to be good" and "known to be bad" files. HashKeeper was, and still is, the only community effort based upon the belief that members of state, national, and international law enforcement agencies can be trusted to submit properly categorized hash values. One of the first community sources of "known to be good" hash values was the United States Internal Revenue Service. The first source of "known to be bad" hash values was the
Luxembourg Luxembourg ( ; lb, Lëtzebuerg ; french: link=no, Luxembourg; german: link=no, Luxemburg), officially the Grand Duchy of Luxembourg, ; french: link=no, Grand-Duché de Luxembourg ; german: link=no, Großherzogtum Luxemburg is a small lan ...
Police who contributed hash values of recognized child pornography.


Availability

HashKeeper is available, free-of-charge, to
law enforcement Law enforcement is the activity of some members of government who act in an organized manner to enforce the law by discovering, deterring, rehabilitating, or punishing people who violate the rules Rule or ruling may refer to: Education ...
,
military A military, also known collectively as armed forces, is a heavily armed, highly organized force primarily intended for warfare. It is typically authorized and maintained by a sovereign state, with its members identifiable by their distinct ...
and other
government agencies A government or state agency, sometimes an appointed commission, is a permanent or semi-permanent organization in the machinery of government that is responsible for the oversight and administration of specific functions, such as an administratio ...
throughout the world. It is available to the public by sending a
Freedom of Information Act Freedom of Information Act may refer to the following legislations in different jurisdictions which mandate the national government to disclose certain data to the general public upon request: * Freedom of Information Act 1982, the Australian act * ...
request to NDIC. In the 2012 United States budget, NDIC was de-funded and closed its doors on June 16, 2012. The availability and future of HashKeeper is uncertain.


Sources

''HashKeeper Overview'',
National Drug Intelligence Center The United States National Drug Intelligence Center (NDIC), established in 1993, was a component of the U.S. Department of Justice and a member of the Intelligence Community. ThGeneral Counterdrug Intelligence Plan implemented in February 2000, ...
.


See also

* National Software Reference Library * Rainbow table


References

http://www.justice.gov/archive/ndic/ndic-moved.html http://www.nsrl.nist.gov/nsrl-faqs.html#faq12 Computer forensics Digital forensics software {{database-stub