Extensive Windows databases are available at http://www.nsrl.nist.gov/ and http://www.hashkeeper.org/. The HashKeeper site is currently down, but the discussion group is active on Yahoo Groups. The group is not listed in the Yahoo directory so you might have some difficulty contacting them. I can provide contact information off-list if you need it. *********** REPLY SEPARATOR *********** On 1/18/2003 at 6:12 PM Chris Reining wrote: >On Fri, Jan 17, 2003 at 03:01:19PM -0800, Mark G. Spencer wrote: >> I'm working on a server that has been "owned" for over a year. Needless >to >> say, there are a significant number of what I would call "questionable" >> files on the box. Some of them I can quickly identify, albeit not >> authoritatively at this point, (e.g. httpodbc.dll), but others I cannot. >> >> If I MD5 the collection of questionable files, is there a database I can >> cross-reference my MD5's against to authoritatively identify what these >> things are? Jack Crone JD Crone Associates Computer Forensics - Data Recovery 5902 Monterey Road #623 Los Angeles, CA 90042 5534 South Sixth Street #120 Klamath Falls, OR 97603 Tel: 626.441.8441 Fax: 626.441.6425 ----------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Thu Jan 23 2003 - 03:35:25 PST