Thursday, April 8, 2010
In this article, I aim to show, through practical examples, that computer forensics techniques such as the use of hash values are inherently flawed in tracking illegal computer files. First, I describe the underlying theory of hashing algorithms and hash values, as well as discuss that several U.S. government agencies keep detailed file databases in order to track or detect illegal files, e.g. pirated media or child pornography. These databases include the file’s unique hash values. Then, I provide real examples of hash values using MD5 and SHA-1 hashing algorithms to show how extremely minor alterations to a computer file produce radically different hash values. While such a cryptological system is important in authenticating files and ensuring that a given file is the one sought by an internet user, I argue that this system causes numerous problems in tracking internet criminals, and further allows even “newbies” to avoid detection. In conclusion, I state that cryptologists and computer forensics experts need to focus on this as they develop the next generation of hashing algorithms.
Download the article from SSRN at the link.