My first question is what is the status of using NSRL in Autopsy for hash analysis?

In Informer #8, Aug 28, 2003, it was mentioned that the sorter no longer uses NSRL because of the issues between known good and known bad hashes.

I haven't found any sort of update on this, so I was wondering if the sorter has been updated?  I saw that the Hashapalooza was yesterday at NIST

(unfortunately I couldn't attend), and was hoping to ask in person.  I hope it was a good event for all involved.


A second, very minor question, deals with nomenclature with the TASK utils.  fls/mactime mention the use of the 'body' file.  Autopsy refers to it as the

'data' file.  Is one term preferred above the other in describing this file?



Brian Baskin
DoD Computer Investigations Training Program
baskinb@dcitp.gov
410-981-1655