[sleuthkit-developers] First Draft - Layout Hash Database
From: Matthias H. <mat...@mh...> - 2004-01-27 18:13:14
Hi list,

in cooperation with David Barroso I compiled a first proposal for the structure of a hash database:

File entry:
- sha1
- md5
- os
- application
- filename
- filesize

Application entry:
- remote management
- office tools
- database
- desktop
- server daemons
- web
- multimedia
- drivers
- development
- sysutils
- security
- known-bad
- other

Operating system entry:
- Linux
- Windows
- BSD
- Mac
- MacOSX
- Solaris
- DOS
- Handheld OS
- AIX
- HP-UX
- Other

The fields per category should be easily manageable with a web-based analysis gui (autopsy). Usually, only one of the categories should be required for a forensic analysis step ("filter all linux hashsums from my image", "identify application xyz on my image" ...).

Questions so far:

Do we need a separate architecture field for a hashsum entry? This will require an additional search parameter later.

Does anyone need a crc32 entry with the hashsum?

Did we miss important fields?

Did we miss important questions ;-)

Feedback for this proposal is welcome and encouraged.

Regards,

Matthias

-- 
Matthias Hofherr
mail: mat...@mh...
web: http://www.forinsect.de
gpg: http://www.forinsect.de/pubkey.asc
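
The proposed file entry and the two filter steps quoted in the message, as an added example that is not part of the original post or of Sleuth Kit/Autopsy code. Assumptions: SQLite as storage, the column types, `application` holding one of the listed categories, and the helper names `sql_list`, `open_db`, `add_entry`, `match` and `demo`; the sample file contents are constructed.

```python
import hashlib
import sqlite3

OS_VALUES = ("Linux", "Windows", "BSD", "Mac", "MacOSX", "Solaris", "DOS",
             "Handheld OS", "AIX", "HP-UX", "Other")
APP_VALUES = ("remote management", "office tools", "database", "desktop",
              "server daemons", "web", "multimedia", "drivers", "development",
              "sysutils", "security", "known-bad", "other")

def sql_list(values):
    return ",".join(f"'{v}'" for v in values)  # constants above only, never user input

def open_db():
    """In-memory table holding the six proposed file entry fields (types assumed)."""
    db = sqlite3.connect(":memory:")
    db.execute(f"""CREATE TABLE file_entry (
        sha1 TEXT NOT NULL CHECK (length(sha1) = 40), md5 TEXT NOT NULL CHECK (length(md5) = 32),
        os TEXT NOT NULL CHECK (os IN ({sql_list(OS_VALUES)})),
        application TEXT NOT NULL CHECK (application IN ({sql_list(APP_VALUES)})),
        filename TEXT NOT NULL, filesize INTEGER NOT NULL CHECK (filesize >= 0))""")
    db.execute("CREATE INDEX file_entry_sha1 ON file_entry (sha1)")
    return db

def add_entry(db, content, os_name, application, filename):
    """Hash content and store one entry; an unlisted category raises IntegrityError."""
    db.execute("INSERT INTO file_entry VALUES (?, ?, ?, ?, ?, ?)",
               (hashlib.sha1(content).hexdigest(), hashlib.md5(content).hexdigest(),
                os_name, application, filename, len(content)))

def match(db, image_files, column, value):
    """Split (path, sha1) pairs from an image into (hits, rest) for one category."""
    if column not in ("os", "application"):  # fixed whitelist keeps the f-string safe
        raise ValueError(column)
    hits, rest = [], []
    for path, sha1 in image_files:
        row = db.execute(f"SELECT 1 FROM file_entry WHERE sha1 = ? AND {column} = ?",
                         (sha1.lower(), value)).fetchone()
        (hits if row else rest).append(path)
    return hits, rest

def demo():
    """Constructed sample: two catalogued files and one unknown file on an image."""
    db = open_db()
    ls, rk, doc = b"constructed ls binary", b"constructed rootkit", b"constructed report"
    add_entry(db, ls, "Linux", "sysutils", "ls")
    add_entry(db, rk, "Linux", "known-bad", "rk")
    image = [(path, hashlib.sha1(data).hexdigest()) for path, data in
             (("/bin/ls", ls), ("/tmp/.x/rk", rk), ("/home/a/report.txt", doc))]
    return match(db, image, "os", "Linux"), match(db, image, "application", "known-bad")
```

In `demo()` the known-bad entry is also catalogued as Linux, so it matches both the `os` filter and the `known-bad` lookup.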