Missing MD5 hashes for Guymager "dd" image files (this is the REAL posting, sorry)
417 views
Skip to first unread message
Heinz Werner Kramski-Grote
Sep 15, 2014, 11:26:57 AM9/15/14
to bitcurat...@googlegroups.com
(Sorry for triple posts - I keep getting error messages on posting...)
We successfully did our first (big!) hard disk acquisitions using BC 0.9.20 as a live system on original hardware (which allows us to easily document technical details running "lshw" etc.).
For now we stick to the "dd" format as the images are to be mounted and processed on other systems probably not aware of the .Exx format.
The Guymager settings used were
In addition: Is there any way to write out a pc3_disk2.md5 file, which should be easier to verify than the MD5 info contained in the free-form .info file?
TIA
Heinz
We successfully did our first (big!) hard disk acquisitions using BC 0.9.20 as a live system on original hardware (which allows us to easily document technical details running "lshw" etc.).
For now we stick to the "dd" format as the images are to be mounted and processed on other systems probably not aware of the .Exx format.
The Guymager settings used were
Hash calculation : MD5
Source verification : off
Image verification : on
and the resulting .info file nicely saysSource verification : off
Image verification : on
MD5 hash : c0dba054551f1c2a945fba6a28853c0d
MD5 hash verified source : --
MD5 hash verified image : c0dba054551f1c2a945fba6a28853c0d
SHA1 hash : --
SHA1 hash verified source : --
SHA1 hash verified image : --
SHA256 hash : --
SHA256 hash verified source: --
SHA256 hash verified image : --
Image verification OK. The image contains exactly the data that was written.
But at the end of this file there is this sectionMD5 hash verified source : --
MD5 hash verified image : c0dba054551f1c2a945fba6a28853c0d
SHA1 hash : --
SHA1 hash verified source : --
SHA1 hash verified image : --
SHA256 hash : --
SHA256 hash verified source: --
SHA256 hash verified image : --
Image verification OK. The image contains exactly the data that was written.
Generated image files and their MD5 hashes
==========================================
No MD5 hashes available (configuration parameter CalcImageFileMD5 is off)
MD5 Image file
n/a pc3_disk2.dd
This looks contradictory to me. Or am I missing a point?==========================================
No MD5 hashes available (configuration parameter CalcImageFileMD5 is off)
MD5 Image file
n/a pc3_disk2.dd
In addition: Is there any way to write out a pc3_disk2.md5 file, which should be easier to verify than the MD5 info contained in the free-form .info file?
TIA
Heinz
pwolsen
Sep 18, 2014, 5:24:32 PM9/18/14
to bitcurat...@googlegroups.com
Hi Heinz,
That bottom check sum is optional and can be turned on in the Guymager config file: http://guymager.sourceforge.net/guymager.cfg (Guy recommends that you don't edit the config file directly but make your changes in /etc/guymager/local.cfg, which you'll need to create.)
The reason this option exists is because when using E01 or AFF disk images, the check sum of the raw disk image (i.e., without attached metadata and before compression) is listed in the main body of the info file (the MD5 sums you see in your info file). An E01 or AFF disk image will necessarily produce check sums that are different from the raw disk image as they include any entered metadata. The bottom section where you don't see any check sums is where those hashes will appear if you enable that feature.
Regarding your last question, you can quickly create MD5, SHA-1 and SHA-256 check sums with the GtkHash tool found in the "Other Tools" directory on the BitCurator desktop. Let me know if that clears things up for you.
Porter
That bottom check sum is optional and can be turned on in the Guymager config file: http://guymager.sourceforge.net/guymager.cfg (Guy recommends that you don't edit the config file directly but make your changes in /etc/guymager/local.cfg, which you'll need to create.)
The reason this option exists is because when using E01 or AFF disk images, the check sum of the raw disk image (i.e., without attached metadata and before compression) is listed in the main body of the info file (the MD5 sums you see in your info file). An E01 or AFF disk image will necessarily produce check sums that are different from the raw disk image as they include any entered metadata. The bottom section where you don't see any check sums is where those hashes will appear if you enable that feature.
Regarding your last question, you can quickly create MD5, SHA-1 and SHA-256 check sums with the GtkHash tool found in the "Other Tools" directory on the BitCurator desktop. Let me know if that clears things up for you.
Porter
Heinz Werner Kramski-Grote
Sep 23, 2014, 5:22:24 PM9/23/14
to bitcurat...@googlegroups.com
Thanks for the clarification.
Heinz
Heinz
Reply all
Reply to author
Forward
0 new messages