SANS Digital Forensics and Incident Response Blog: Tag - Law

Digital Forensics Case Leads: There Is No Theme

This week in Case Leads, we feature a wide array of new tools and articles that defy classification under any particular theme. You'll find tools forensic image processing and analysis, PDF analysis, and password cracking. News and articles include issues of law, process automation, forensic value, and incident response. Continue reading Digital Forensics Case Leads: There Is No Theme


Digital Forensics Case Leads: ACLU, Michigan State Police, and Cellebrite

This week, the dispute between the ACLU of Michigan and the Michigan State Police engages most of my attention here. But there are a lot of other interesting items this week, including Verizon's 2011 Data Breach Investigations Report, one person's stab at what to do about Chinese espionage, and new information about the location data … Continue reading Digital Forensics Case Leads: ACLU, Michigan State Police, and Cellebrite


Law Is Not A Science: Admissibility of Computer Evidence and MD5 Hashes

Another day... another hashing discussion:

On the SANS GIAC Alumni list the other day, the question popped up from one of the individuals on the list:

"I'm assuming that this group has had the pleasure to consume the latest research focused on MD5 hash collisions. Discussions about hash collisions seems to carry the same energy as religion and politics. My question is regarding digital evidence and the use of MD5 hashes to establish digital evidence integrity. The use of hashes to ensure digital evidence integrity has legal precedence. However, as more research companies introduce concerns related to MD5 hashes, the courts will at some point, no longer consider this as a valid technology to ensure integrity.