[sleuthkit-users] NSRL hash usage in Autopsy
Brought to you by:
carrier
Menu
▾
▴
[sleuthkit-users] NSRL hash usage in Autopsy
|
From: Baskin, B. <ba...@dc...> - 2004-06-30 17:06:51
|
My first question is what is the status of using NSRL in Autopsy for hash analysis? In Informer #8, Aug 28, 2003, it was mentioned that the sorter no longer uses NSRL because of the issues between known good and known bad hashes. I haven't found any sort of update on this, so I was wondering if the sorter has been updated? I saw that the Hashapalooza was yesterday at NIST (unfortunately I couldn't attend), and was hoping to ask in person. I hope it was a good event for all involved. A second, very minor question, deals with nomenclature with the TASK utils. fls/mactime mention the use of the 'body' file. Autopsy refers to it as the 'data' file. Is one term preferred above the other in describing this file? Brian Baskin DoD Computer Investigations Training Program ba...@dc... 410-981-1655 |
