Home page logo
/

basics logo Security Basics mailing list archives

RE: tools used to examine a computer
From: "Trevor Cushen" <Trevor.Cushen () sysnet ie>
Date: Wed, 19 Feb 2003 19:05:55 -0000

Yes the MD5 signatures at both end have to match before you could
proceed.

Trevor Cushen
Sysnet Ltd

www.sysnet.ie
Tel: +353 1 2983000
Fax: +353 1 2960499



-----Original Message-----
From: David J. Bianco [mailto:bianco () jlab org] 
Sent: 19 February 2003 18:38
To: H C
Cc: Trevor Cushen; security-basics () securityfocus com
Subject: RE: tools used to examine a computer


On Tue, 2003-02-18 at 13:02, H C wrote:
Also on the point of copying files over the network
first, correct me if
I'm wrong but that damages the chain of evidence.

Now so?  If one collects the necessary info (ie, MAC
times, NTFS ADSs, permissions, full path, etc), hashes
the file (MD5 and/or SHA-1), and then copies the file
over the network using something like 'dd' or type,
and netcat/cryptcat, how is the chain of evidence
broken?  Especially if it's documented?

Although Trevor has since posted a clarification to the effect that was
referring to file copying as opposed to creating a bit image with dd, I
think it's worth noting that in order to guard against accidental or
malicious network data tampering, you'd have to guarantee that the data
traversed the network without being tampered with, probably by computing
an md5 sum on the data at both ends of the transfer.  
Otherwise the chain of evidence would indeed be broken, since most 
networks are not guaranteed to be reliable or secure from tampering.

        David


-- 
David J. Bianco <bianco () jlab org>
Thomas Jefferson National Accelerator Facility



**************************************************************************************

This email and any files transmitted with it are confidential and intended 
solely for the use of the individual or entity to whom they are addressed. 

If you have received this message in error please notify SYSNET Ltd., at
telephone no: +353-1-2983000 or postmaster () sysnet ie

**************************************************************************************


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]