Hi everyone, Firstly, a very happy new year to all! I'm no expert on hashing/error checking algorithms I'm afraid so please forgive me if the following is somewhat obvious... In the following two pdf files: http://notablecases.vaed.uscourts.gov/1:01-cr-00455/docs/68089/0.pdf http://notablecases.vaed.uscourts.gov/1:01-cr-00455/docs/68092/0.pdf related to the case of USA vs Zacarias Moussaoui, there is some discussion of the use of CRC32 instead of MD5 to provide verification that a hard disk has been imaged correctly. In this particular case the later use of MD5 would seem to confirm the accurate imaging of the disks in question but in general does the use of CRC32 during (and after) the imaging process really make any further checking with MD5 redundant? Furthermore, would it be realistically possible to change data in an image whose authenticity is based solely on CRC32 value(s) without changing the values in question, and thereby arousing suspicion? Kind regards, Jamie -- Jamie Morris Forensic Focus Email: adminat_private Web: http://www.forensicfocus.com ----------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Sat Jan 04 2003 - 18:38:03 PST