eMag Solutions: Industry Links & Resources

EDiscovery, Digital Forensics, Legal Technology, EDRM, Records Management, ESI

eMag Solutions will be in Maryland next week for ILTA 09. Look for us on the tradeshow floor, booth #516, where we will have a demo of our new release, eMag PreVu 3.0. While I will not personally be there, I have recruited my manager, Brett Tarr, to Tweet from the event. He'll be giving us the scoop on all the latest action and excitement! Ok, perhaps I'm being a little hyperbolic. Nonetheless, he'll be sharing with us the latest insight and updates in the legal technology arena that emerge from ILTA 09. Stop by and introduce yourself; we'd love to meet those with whom we chat via this blog and Twitter.

If you'd like to reach out to Brett, you may contact him via email: btarr@emagsolutions.com

We look forward to seeing you there!

 


The hash code of a file is a number (typically 16 or 20 bytes in length) that is unique for just that file. There are two standard routines for generating these codes, SHA-1 and MD5, which are universally accepted in the forensic and investigation world. This article will discuss the primary areas where you will encounter these routines.

Obviously, a unique number serves as a digital signature of a file. Once it has been generated, it can be shown at any later date that the file has not been changed, intentionally or accidentally (in transmission, etc.). Thus the whole question of whether a file has been tampered with can be controlled in a very easy way.

The other main area is in identifying files by their contents. A hash value is generated from just the file contents; the file name and file date are not relevant. This can help an investigation in two very different ways. When examining a tape or disk for information, it is often necessary to eliminate, by some means, a very large number of system files. One may decide to ignore, say, all .EXE files or all .DLL files, but in doing so it is impossible to tell whether these files do in fact store user information that could be relevant to an inquiry. What can be ignored are all system files that have not been changed since they were generated, for instance, by Microsoft. A new XP system contains a GB or so of data made up of a very large number of files. By having hash values of all of these original files, it is possible to eliminate these files in the certainty that they have not been changed or added to in any way since they were released by Microsoft. Data that has been hidden in a file with a standard operating system name, even of the same size and date, will never have the same hash value. To make life a bit easier for users, there are lists of hash values for many standard applications and operating systems on the web. A useful website is the National Software Reference Library.

The second useful application for investigations may often be based on the requirement to detect if certain files exist - typically related to pornographic image investigation. If somebody is suspected of downloading files from a certain site then the hash values of the files on their disk or backup tape may be compared with known databases and matches can be made irrespective of file name or location.
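The two uses described above (eliminating unchanged system files and spotting known files regardless of name) can be sketched as follows. This is an added example, not code from the article or from MM/PC; the function names, file names, and the two hash sets are hypothetical, and the sample file contents are constructed.

```python
import hashlib
import os
import tempfile


def hash_file(path, chunk_size=1 << 20):
    """Return (md5_hex, sha1_hex) of a file's contents, read in chunks."""
    md5, sha1 = hashlib.md5(), hashlib.sha1()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            md5.update(chunk)
            sha1.update(chunk)
    return md5.hexdigest(), sha1.hexdigest()


def triage(root, known_system, known_target):
    """Classify files under root by content hash; names and dates are ignored.
    Both sets hold MD5 hex digests (hypothetical stand-ins for a reference
    list and an investigation hash set)."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            md5, sha1 = hash_file(full)
            if md5 in known_target:
                label = "match"     # known file, whatever it is called
            elif md5 in known_system:
                label = "skip"      # unchanged vendor file, can be eliminated
            else:
                label = "review"    # unknown or modified content
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            report[rel] = (label, md5, sha1)
    return report


def demo():
    """Triage a constructed sample tree (all contents are made up)."""
    vendor = b"original vendor library bytes"
    hidden = b"original vendor library bytez"  # same size, one byte changed
    wanted = b"contents of a file of interest"
    known_system = {hashlib.md5(vendor).hexdigest()}
    known_target = {hashlib.md5(wanted).hexdigest()}
    samples = {"shell.dll": vendor, "shell32.dll": hidden, "renamed.tmp": wanted}
    with tempfile.TemporaryDirectory() as root:
        for rel, data in samples.items():
            with open(os.path.join(root, rel), "wb") as fh:
                fh.write(data)
        return triage(root, known_system, known_target)
```

Calling `demo()` returns a report in which the untouched file is skipped, the same-size altered file is flagged for review, and the renamed file still matches the target set, with both digests recorded for each entry.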

MM/PC has had the ability to create hash values as part of the forensic log for over a year now, but a new addition (on V4.05) is the ability to import hash tables in hashkeeper (MD5) format to work with the de-duplication routine to skip restoring standard operating system files from tape. The log will display the files that have been skipped, along with all hash values, in both SHA-1 and MD5 format. The log can be exported so that searching for known hash values may be carried out by user applications. Contact us today to learn more about this new feature for MM/PC.

 


 

Product and company names mentioned on this web page may be trademarks or registered trademarks of their respective companies and are hereby acknowledged.

This article may be re-published as long as the following resource box is included at the end of the article and as long as you link to the email address and the URL mentioned in the resource box:

Article by eMag Solutions. For more articles on eDiscovery and Data Restoration, subscribe to our e-mail Newsletter by sending a blank email to newsletter@emaglink.com or by going to http://www.emaglink.com/.

Information Security Landscape

By: Brett Tarr

Information data security is a critical topic in the current environment of ever-growing technology and information overload. Data security is much more than just a compliance mechanism; it protects organizational data, helps ensure the survival of business entities, and provides the tools for building and sharpening a competitive edge in the marketplace. ISO 27001 represents a new standard in data security that not only maps directly to multiple regulatory compliance controls but also provides a framework for organizations to build an effective information security program. The ISO 27001 standard helps organizations create a secure data infrastructure that is scalable and, more importantly, drives a management standard to ensure the confidentiality, integrity, and availability of data and services.

Organizational data consists of many layers of information, many of which are considered confidential, necessitating the installation of controls that are secure and adaptable. Key examples of confidential data that requires protection include: intellectual property, trade secrets, internal communications, customer lists, strategic plans, financial plans/information, and client information. Clearly, certain compliance standards exist for the protection of certain types of confidential information, but for the organization's competitive survival, data security needs to be much more than a mechanism to ensure compliance, as this information is the lifeblood of the organization. For most organizations, the ability to protect proprietary and confidential information ensures the very survival of the organization and its ability to compete in the local, regional, national, or global arena.

ISO 27001 represents the only auditable international standard to define the requirements for Information Security Management Systems, and ISO 27001 certification is achievable only by companies that demonstrate the highest competency in information security management.

ISO 27001 is a guideline for a management system that identifies, manages, and minimizes a range of threats to business information. It provides guidelines for implementing a constructive risk management process, setting up policies, and ensuring a secure infrastructure is in place. This standard shows that a business has taken preventative measures to protect clients' data, and demonstrates to customers and prospects that the business is observing a duty of care.

Some of the key government regulations and fiduciary requirements around corporate governance that can be tied into ISO 27001 include: the Health Insurance Portability and Accountability Act (HIPAA), Sarbanes-Oxley, Visa Cardholder Information Security Program/Payment Card Industry Security Standard (VISA CISP/PCI), the Fair and Accurate Credit Transactions Act (FACT), the Gramm-Leach-Bliley Act (GLBA), FISMA/NIST, the UK Data Protection Act, the EU Directive on Protection of Personal Data, and the Canadian Personal Information Protection and Electronic Documents Act (PIPEDA).

 


 

 

Reprinted with permission of the authors and the Association of Corporate Counsel as it originally appeared: Author names, "Article Title," ACC Docket volume Number, issue Number (Month Year): Page Range. Copyright © Year, the Association of Corporate Counsel. All rights reserved. If you are interested in joining ACC, please go to www.acc.com, call 202.293.4103 x360, or email membership@acc.com.

