Re: [sleuthkit-developers] Good vs. Bad Hashes
From: Brian C. <ca...@sl...> - 2004-01-23 05:39:32
I'll just keep this on the developers list.

On Thursday, January 22, 2004, at 06:26 PM, Matthias Hofherr wrote:

> Brian Carrier said:
>> [I was hoping you would be interested in this topic in light of your
>> new database :)]
>
> Yup, I am interested ;-)

Excellent.

> I think the NSRL segmentation in products/operation
> systems/manufacturers is
> a good idea. Yet, the NSRL provided categories are partially duplicate
> and
> partially too much segmented. There is no simple solution for a query
> like
> "check only against Linux system hashes".
> I think we should define a basic set of operation systems and other
> classification data and maintain a mapping table for imports of NSRL
> and
> other Hashsets.

Can you lead the effort on making such a list then? I can't imagine having more than 15 categories. Otherwise it gets too messy and would be too difficult to look at in the configuration window.

If we can make a comprehensive list of categories that scales for types of applications and/or types of platforms (although app type seems to be more important) then I would like to get it published in the IJDE (or similar) and see if we can make an argument for it to be a "standard" and adopted in the NSRL and others.

thanks,
brian