Re: CRC32 vd MD5

Firstly, a big (and belated) thank you for all the replies, both on and off list, to my original post on this issue.

>From what I gather from these responses, I think my original gut feeling that CRC32 by
itself was probably not "enough" for forensic purposes seems to be sound. That being so, I'm unsure why an experienced team investigating such a high profile case would use MD5 only at a later stage in response to opposing counsel's comments (but I don't know the full facts of the case so won't comment further).

Of equal interest, though, has been the broader discussion of the distribution of MD5 hashes once created, chain of custody procedures and the integrity/credibility of forensic professionals. I was particularly interested in one idea concerning the initial imaging/hashing of evidence in the presence of the defence/defendant/other party and providing the resultant hash to them at this early stage in some kind of secure (digitally signed?) form (I guess for this procedure to have any value it becomes crucial to establish that the evidence could not have been altered by either side before the imaging/hashing process). Nevertheless, is anyone using this type of procedure or are the checks and balances of modern criminal systems sufficient to render it unnecessary? Equally, are those of us working in the corporate arena satisfied that enough is done with regard to establishing the integrity of the evidence we examine or produce?

Jamie

-- 
Jamie Morris
Forensic Focus
Email: admin@forensicfocus.com
Web: 
http://www.forensicfocus.com


-----------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: 
http://aris.securityfocus.com