Re: [sleuthkit-users] NSRL hash usage in Autopsy
From: Brian C. <ca...@sl...> - 2004-06-30 19:39:48
On Jun 30, 2004, at 12:03 PM, Baskin, Brian wrote:

> My first question is what is the status of using NSRL in Autopsy for
> hash analysis?
>
> In Informer #8, Aug 28, 2003, it was mentioned that the sorter no
> longer uses NSRL because of the issues between known good and known
> bad hashes.
>
> I haven't found any sort of update on this, so I was wondering if the
> sorter has been updated? I saw that the Hashapalooza was yesterday at
> NIST
>
> (unfortunately I couldn't attend), and was hoping to ask in person.
> I hope it was a good event for all involved.

The hashapalooza was delayed and it will now be on the third day of
DFRWS in August.

The plan is to develop a small number of application categories that a
user can choose if they are "good" or "bad" for that case. Those exact
categories are still being worked out, but should be done for August.

> A second, very minor question, deals with nomenclature with the TASK
> utils. fls/mactime mention the use of the 'body' file. Autopsy
> refers to it as the 'data' file. Is one term preferred above the
> other in describing this file?

'body' came from the original TCT documentation. I prefer something
more generic like 'data'. Maybe when v2 is done and the output of each
tool is reconsidered then a more accurate name can be given.

brian