Unique File Identification in the National Software Reference Library

Unique File Identification in the National Software Reference Library

Cached

Download Links

[www.nsrl.nist.gov]

Other Repositories/Bibliography

DBLP

by Steve Mead

Citations:

1 - 0 self

BibTeX

@MISC{Mead_uniquefile,
    author = {Steve Mead},
    title = {Unique File Identification in the National Software Reference Library},
    year = {}
}

Bookmark

OpenURL

Abstract

The National Software Reference Library (NSRL) provides a repository of known software, file profiles, and file signatures for use by law enforcement and other organizations involved with computer forensic investigations. The NSRL is comprised of three major elements: 1. A physical library of commercial software packages. 2. A database of information about each file within each software package. 3. A smaller database of the most widely used information that is updated and released quarterly. This database is called the NSRL Reference Data Set (RDS) and is NIST Special Database #28 [18]. During a forensic investigation, hundreds of thousands of files may be encountered. The NSRL is used to identify known files. This can reduce the amount of time spent examining a computer. Matches for common operating systems and applications do not need to be searched, either manually or electronically, for evidence. Additionally, the NSRL is used to determine which software applications are present on a system. This may suggest how the computer was being used and provide information on how and

Citations

671	Applied Cryptography: Protocols, Algorithms, and Source Code in C - Schneier - 1996
208	The Art of Computer Programming, Seminumerical Algorithms - Knuth - 1998
170	RFC1321: The MD5 Message-Digest Algorithm,” IETF - Rivest - 1992
73	Multicollisions in Iterated Hash Functions: Application to Cascaded Constructions - Joux
69	Statistical test suite for random and pseudorandom number generators for cryptographic applications, NIST special publication - Rukhin, Soto, et al. - 2010
65	The status of MD5 after a recent attack - Dobbertin - 1996
31	The marsaglia random number CDROM including the Diehard battery of tests of randomness. http://www.stat.fsu.edu/pub/diehard/; Last accessed - Marsaglia - 1995
29	Tunnels in Hash Functions: MD5 Collisions Within a Minute,” Cryptology ePrint Archive, Report 2006/105 - Klima
21	The speed of security - Schneier
16	A Painless Guide to CRC Error Detection Algorithms V3.00" (http://www.repairfaq.org/filipg/LINK/F_crc_v3.html) . http://www.repairfaq.org/filipg/LINK/F_crc_v3.html. Retrieved 5 June 2010.Contains a rigorous explanation of how to generate the CRC table typ - Williams, Ross - 1996
12	Attacking hash functions by poisoned messages: The Story of Alice and her boss - Daum, Lucks - 2005
11	Randomness and degrees of irregularity - Pincus, Singer - 1996
4	Finding MD5 Collisions—a Toy For a Notebook,” Cryptology ePrint Archive, Report 2005/075 - Klima
3	Approximate entropy for testing randomness - Rukhin - 2000
1	Selection of Hashing Algorithms, URL:http://www.nsrl.nist.gov/Technical_papers.htm - Boland, Fisher
1	Cryptanalysis of MD5 compress, URL:http://citeseer.ist.psu.edu/dobbertin96cryptanalysis.html - Dobbertin - 1996
1	Preimages on n-bit Hash Functions for Much - Kelsey, Schneier, et al.
1	Oorschot and others, Handbook of Applied Cryptography - Menezes, P - 1997
1	Cryptanalysis of MD5 and SHA: Time for a - Schneier - 2004
1	Statistical Testing of Random Number Generators, URL:http://www.csrc.nist.gov - Soto - 2000
1	2004) [Last Accessed - Wang, Feng, et al.