Mead, S.
(2006),
Unique File Identification in the National Software Reference Library, Digital Investigation, [online], https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=50815
(Accessed June 1, 2024)
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock (
) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
Unique File Identification in the National Software Reference Library
Published
Author(s)
Abstract
The National Software Reference Library (NSRL) provides a repository of known software, file profiles, and file signatures for use by law enforcement and other organizations involved with computer forensic investigations. This paper examines whether the techniques used to create file signatures in the NSRL produce unique results?a core characteristic that the NSRL depends on for the majority of its uses. The uniqueness of the file identification is analyzed via two methods: an empirical analysis of the file signatures within the NSRL and research into the recent attacks on the hash algorithms used to generate the file signatures within the NSRL. The conclusions of this paper are: ?There are no file signature collisions in the NSRL for either MD5 or SHA-1. ?There was no detectable bias introduced by hashing files, and so the probability of future collisions is negligible. ?Although there are methods to attack the underlying hash algorithms, they are not relevant to the NSRL.Citation
Digital Investigation
Pub Type
Journals
Download Paper
Keywords
Collision, CRC32, File Signature, Forensic, Hash Algorithm, MD5, NSRL, SHA1
Citation
Issues
If you have any questions about this publication or are having problems accessing it, please contact reflib@nist.gov.
Created October 23, 2006, Updated June 24, 2021