Law enforcement seized computers as part of investigations
Law enforcement needed automated methods to review the large number of files
FBI "Known File Filter" project supplied hash values of known files
NDIC "Hashkeeper" project supplied hash values of installed files and of "known malicious" data files
Several commercial and open source tools existed that each used different hash values (CRC32, MD4, MD5, SHA-1)
Hash values were exchanged haphazardly throughout the entire community via email, FTP sites, etc.
Investigators had to know where to find hash sets
Investigators had to judge the quality of the hash sets