Firstly, a big (and belated) thank you for all the replies, both on and off list, to my original post on this issue.

From what I gather from these responses, I think my original gut feeling that CRC32 by itself was probably not "enough" for forensic purposes seems to be sound. That being so, I'm unsure why an experienced team investigating such a high profile case would use MD5 only at a later stage in response to opposing counsel's comments (but I don't know the full facts of the case so won't comment further).

Of equal interest, though, has been the broader discussion of the distribution of MD5 hashes once created, chain of custody procedures and the integrity/credibility of forensic professionals. I was particularly interested in one idea concerning the initial imaging/hashing of evidence in the presence of the defence/defendant/other party and providing the resultant hash to them at this early stage in some kind of secure (digitally signed?) form (I guess for this procedure to have any value it becomes crucial to establish that the evidence could not have been altered by either side before the imaging/hashing process).

Nevertheless, is anyone using this type of procedure or are the checks and balances of modern criminal systems sufficient to render it unnecessary? Equally, are those of us working in the corporate arena satisfied that enough is done with regard to establishing the integrity of the evidence we examine or produce?

Jamie

--
Jamie Morris
Forensic Focus
Email: adminat_private
Web: http://www.forensicfocus.com

-----------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Sun Jan 19 2003 - 15:32:42 PST