Yes the MD5 signatures at both end have to match before you could proceed. Trevor Cushen Sysnet Ltd
www.sysnet.ie Tel: +353 1 2983000 Fax: +353 1 2960499 -----Original Message----- From: David J. Bianco [mailto:[EMAIL PROTECTED]] Sent: 19 February 2003 18:38 To: H C Cc: Trevor Cushen; [EMAIL PROTECTED] Subject: RE: tools used to examine a computer On Tue, 2003-02-18 at 13:02, H C wrote: > > Also on the point of copying files over the network > > first, correct me if > > I'm wrong but that damages the chain of evidence. > > Now so? If one collects the necessary info (ie, MAC > times, NTFS ADSs, permissions, full path, etc), hashes > the file (MD5 and/or SHA-1), and then copies the file > over the network using something like 'dd' or type, > and netcat/cryptcat, how is the chain of evidence > broken? Especially if it's documented? Although Trevor has since posted a clarification to the effect that was referring to file copying as opposed to creating a bit image with dd, I think it's worth noting that in order to guard against accidental or malicious network data tampering, you'd have to guarantee that the data traversed the network without being tampered with, probably by computing an md5 sum on the data at both ends of the transfer. Otherwise the chain of evidence would indeed be broken, since most networks are not guaranteed to be reliable or secure from tampering. David -- David J. Bianco <[EMAIL PROTECTED]> Thomas Jefferson National Accelerator Facility ************************************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this message in error please notify SYSNET Ltd., at telephone no: +353-1-2983000 or [EMAIL PROTECTED] **************************************************************************************
