Prior Publisher
The Association of Digital Forensics, Security and Law (ADFSL)
Abstract
The Message Digest 5 (MD5) hash is commonly used as for integrity verification in the forensic imaging process. The ability to force MD5 hash collisions has been a reality for more than a decade, although there is a general consensus that hash collisions are of minimal impact to the practice of computer forensics. This paper describes an experiment to determine the results of imaging two disks that are identical except for one file, the two versions of which have different content but otherwise occupy the same byte positions on the disk, are the same size, and have the same hash value.
References
AccessData. (2006, April). MD5 Collisions: The Effect on Computer Forensics. AccessData White Paper. Retrieved from https:/ /adpdf. s3.amazonaws.com/papers/wp.MD5 Collisions.en us. pdf
Burr, W. (2006, March/ April). Cryptographic hash standards: Where do we go from here? IEEE Security & Privacy, 4(2), 88-91. Retrieved from http:/ /www.csee. wvu.edu/% 7Ekaterina/ Teaching/ CS-465-Spring- 2007 /HashStandards.pdf
Casey, E. (2011). Digital Evidence and Computer Crime, 3rd ed. Amsterdam: Elsevier.
Cohen, F. (2013). Digital Forensic Evidence Examination, 5th ed. Livermore (CA): Fred Cohen & Associates. Retrieved from http:/ /all.net/books/2013-DFEExamination. pdf
Eastlake, D., 3rd, & Jones, P. (2001, September). US Secure Hash Algorithm 1 (SHA1). Requests for Comments (RFC) 3174. Retrieved from https:/ jwww.rfceditor. org/ rfc / rfc317 4. txt
Gutman, P., Naccache, D., & Palmer, C.C. (2005, May/June). When hashes collide. IEEE Security & Privacy, 3(3), 68-71. Retrieved from https:/ /researchspace.auckland.ac.nz/bits tream/handle /2292/269/269.pdf
Lewis, D.L. (2008, December 1). The Hash Algorithm Dilemma -- Hash Value Collisions. Forensic Magazine. Retrieved from http:/ /www.forensicmag.com/article/200 8/12/hash-algorithmdilemma% E2%80%93hash-value-collisions
Maras, M. H. (2015). Computer Forensics: Cybercriminals, Laws, and Evidence, 2nd ed. Burlington, MA: Jones & Bartlett Learning.
McHugh, N. (2014, October 31). How I created two images with the same MD5 hash. Retrieved from http:/ /natmchugh.blogspot.com/2014/10 /how-i-created-two-images-with-samemd5. html
Nelson, B., Phillips, A., & Steuart, C. (2015). Guide to Computer Forensics and Investigations, 5th ed. Boston: Course Technology.
Rivest, R. (1992, April). The MD5 Message Digest Algorithm. Request for Comments (RFC) 1321. Retrieved from https:/ jwww.rfceditor. org/rfc/rfc1321.txt
Centrum Wiskunde & Informatica (CWI). (2017). Shattered. Retrieved from https://shattered.it/
Eastlake, D., 3rd, & Jones, P. (2001, September). US Secure Hash Algorithm 1 (SHA1). Requests for Comments (RFC) 3174. Retrieved from https://www.rfceditor. org/rfc/rfc3174.txt
Kessler, G.C. (2017). The Impact of MD5 File Hash Collisions on Digital Forensic Imaging. Journal of Digital Forensics, Security & Law, Vol. 11: No. 3, pp. 129- 140.
National Institute of Standards and Technology (NIST). (2015, August). Secure Hash Standard (SHS). Federal Information Processing Standards Publication FIPS PUB 180-4. Retrieved from http://csrc.nist.gov/publications/fips/fips1 80-4/fips-180-4.pdf
Stevens, M., Bursztein, E., Karpman, P., Albertini, A., & Markov, Y. (2017). The first collision for full SHA-1. Retrieved from https://shattered.it/static/shattered.pdf
Recommended Citation
Kessler, Gary C.
(2016)
"The Impact of MD5 File Hash Collisions On Digital Forensic Imaging,"
Journal of Digital Forensics, Security and Law: Vol. 11
, Article 9.
DOI: https://doi.org/10.15394/jdfsl.2016.1431
Available at:
https://commons.erau.edu/jdfsl/vol11/iss4/9
Included in
Computer Engineering Commons, Computer Law Commons, Electrical and Computer Engineering Commons, Forensic Science and Technology Commons, Information Security Commons
