Page 35 - Forensic News Journal Jan Feb 2018
P. 35
Digital Evidence and Legal Proceedings
copied) the evidence is as- identical to another or an value.
signed a verification hash item of digital evidence
value. has not been altered since This will enable the adop-
its original acquisition. tion of a technique to
Currently, it is believed The MD5 hash value was allow for the alteration of
that the hash value mecha- developed from 1991 digital evidence without
nism indicates that the by Professor Ronald L. changes to the assigned
acquired evidence is a Rivest. hash value. The result of
complete and accurate this research may be that it
copy of the data contained As the MD5 algorithm is is possible to alter an item
on the original device and based on a 128-byte data of digital evidence suffi-
that if the acquisition and block, it would appear ciently to make the current
verification hash values that there is the possibil- hashing techniques unreli-
match then no alteration ity that the data on an item able in court.
of the evidence can have of digital media could be
taken place. manipulated, yet the MD5 Matthew Jackson,
hash value not be altered. Director, Senior Forensic
Various types of hash Given this, I am currently Consultant and Expert
value exist, including, HA- undertaking research to Witness at Athena
VAL, MD5 and SHA. The attempt to verify whether Forensics
forensic arena has adopted an item of digital evidence http://www.athenaforen-
the MD5 hash as a method can be altered without sics.co.uk
of proving that one file is changing its MD5 hash
Photo Courtesy of simpatsolutions
35
