Installed Files

Summer 2003 NSRL established a protocol for hashing installed files

Used VMware virtual machines on Red Hat Linux to install operating systems

The virtual machine, a file on the linux box, was repeatedly saved at major steps in the process

Once OS was installed, a directory was created and 6 files were created to run NSRL hashing code on the installation

Hashes were calculated on the OS with a native process

A tar file was created of the installed files and hashed in the NSRL environment

Comparisons were made between native and tar hashes for verification

One example: over 70% of the files installed as part of Win2000 are the same files as on the distribution media

Using virtual machines and tar files allows NSRL to restore systems to specific states and rehash

The system states can be burned onto CD and kept on our shelves for traceability

Began investigating differences in language distributions (English, Dutch, Arabic, Korean)