Hi there,
I am working on an application to be used in our local Forensics
department...
Among other things the app will connect to a digital camera and download the
images to the hard drive. For various reasons I need to be able to say with
certainty that the image on the hard drive is exactly what was on the
camera... any ideas on best way to achieve this...?
I could do a checksum of each image and compare this but not sure how to
implement in code or if there is a better way. Merely checking the file size
matches is not sufficient to stand up in Court.
Any suggestions appreciated, especially if sample code included (can be
classic VB if necessary). Does .Net perhaps have something like this built
into the Framework?
Cheers 24 6848
"Bob" <bo*@nospam.com > skrev i en meddelelse
news:eq******** ******@TK2MSFTN GP12.phx.gbl... Hi there,
I am working on an application to be used in our local Forensics department...
Among other things the app will connect to a digital camera and download
the images to the hard drive. For various reasons I need to be able to say
with certainty that the image on the hard drive is exactly what was on the camera... any ideas on best way to achieve this...?
I could do a checksum of each image and compare this but not sure how to implement in code or if there is a better way. Merely checking the file
size matches is not sufficient to stand up in Court.
Any suggestions appreciated, especially if sample code included (can be classic VB if necessary). Does .Net perhaps have something like this built into the Framework?
Cheers
Hi Bob,
Have a look at http://www.vbaccelerator.com/home/NE...32/article.asp ,
maybe you can use some of this.
--
Lasse
Hi Bob,
Here is write a sample for you.
Imports System
Imports System.IO
Imports System.Security .Cryptography
Module Module1
Sub Main()
Dim fs As FileStream = New FileStream("c:\ dafen.jpg",
FileMode.Open, FileAccess.Read )
Dim arr(fs.Length) As Byte
fs.Read(arr, 0, fs.Length)
fs.Close()
Dim tmpHash() As Byte
tmpHash = New MD5CryptoServic eProvider().Com puteHash(arr)
fs = New FileStream("c:\ dafen1.jpg", FileMode.Open, FileAccess.Read )
fs.Read(arr, 0, fs.Length)
Dim tmpNewHash() As Byte
tmpNewHash = New MD5CryptoServic eProvider().Com puteHash(arr)
Dim bEqual As Boolean
If tmpNewHash.Leng th = tmpHash.Length Then
Dim i As Integer
Do While (i < tmpNewHash.Leng th) AndAlso (tmpNewHash(i) =
tmpHash(i))
i += 1
Loop
If i = tmpNewHash.Leng th Then
bEqual = True
End If
End If
If bEqual Then
Console.WriteLi ne("The two hash values are the same")
Else
Console.WriteLi ne("The two hash values are not the same")
End If
End Sub
End Module
HOW TO: Compute and Compare Hash Values by Using Visual Basic .NET http://support.microsoft.com/default...b;en-us;301053
If you have any related question, you may post the question here.
Regards,
Peter Huang
Microsoft Online Partner Support
Get Secure! www.microsoft.com/security
This posting is provided "as is" with no warranties and confers no rights.
-------------------- From: "Bob" <bo*@nospam.com > Subject: Checksum, CRC or something better? Date: Tue, 21 Oct 2003 16:35:12 +1000 Lines: 21 X-Priority: 3 X-MSMail-Priority: Normal X-Newsreader: Microsoft Outlook Express 6.00.2800.1158 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 Message-ID: <eq************ **@TK2MSFTNGP12 .phx.gbl> Newsgroups: microsoft.publi c.dotnet.langua ges.vb NNTP-Posting-Host: 202-44-189-210.nexnet.net. au 202.44.189.210 Path: cpmsftngxa06.ph x.gbl!TK2MSFTNG P08.phx.gbl!TK2 MSFTNGP12.phx.g bl Xref: cpmsftngxa06.ph x.gbl microsoft.publi c.dotnet.langua ges.vb:148560 X-Tomcat-NG: microsoft.publi c.dotnet.langua ges.vb
Hi there,
I am working on an application to be used in our local Forensics department.. .
Among other things the app will connect to a digital camera and download
theimages to the hard drive. For various reasons I need to be able to say with certainty that the image on the hard drive is exactly what was on the camera... any ideas on best way to achieve this...?
I could do a checksum of each image and compare this but not sure how to implement in code or if there is a better way. Merely checking the file
sizematches is not sufficient to stand up in Court.
Any suggestions appreciated, especially if sample code included (can be classic VB if necessary). Does .Net perhaps have something like this built into the Framework?
Cheers
Hi Bob,
You are right... what you want to do must be done correctly... no mistakes allowed.
Checksums should be used only for error correction, not where evil people may come in. Checksums are simple functions, that can be exploited to create fake documents with the same checksum.
You should use an hash algorithm. An hash algorithm works like a checksum; you provide the input (any file or any buffer with any length), and the algorithm returns the hash value (also called digest, a fixed size array of bytes). The difference is hash algorithms are complex cryptographic functions, and there are several commonly accepted as completely secure. Technically an hash algorithm is an one-way function; a mathematical function that can't be reversed; so that the digest can't be reversed to get the input (or know anything about it). A single bit difference in the input results in a completly different digest. Most important, it's not possible to find another input that computes to the same hash. Hash algorithms are widely used for data integrity verification.
You don't need to implement the hash algorithm, because the Framework already has several (MD5, SHA, with different digest sizes, in bits). SHA512Managed for instance returns a 64 bytes digest for any file or buffer you supply as input. Example:
Dim path As String = "c:\myfile. dat"
Dim stream As New IO.FileStream(p ath, IO.FileAccess.R ead)
Dim sha As New Security.Crypto graphy.SHA512Ma naged
Dim digest() As Byte = sha.ComputeHash (stream)
If you are not going to store the digest as a file, and prefer a string for a database, convert it to Base64 encoding:
Dim hashString As String = Convert.ToBase6 4String(digest)
That's it. When you want to verify if a file if the same or was changed (trojan horse, for instance), you compute the hash and compare the new digest with the one you had stored. If they match, you can be sure the file is exactly the same, if they dont, you are also sure it was changed somehow.
Forensics is another story... hash is good to check data integrity, but that's only a small piece of the big puzzle; computer forensics is a very complex world. Most jobs must be done in a lab, and require special hardware, to make data recovery readings on hard disks. It's possible to compromise a system for a while, and then return it exactly the way it was, leaving no tracks... Hash can tell you the system is no longer compromised, but not what nasty stuff was done before settings and files returned to normal.
To stand up in Court... it depends of what is standing up for. If you want to prove two files are different, my answer is yes, the Court will accept it based on the hash values. Hashes are on the base of digital signatures and code signing certificates; where another major technology is present, public key cryptography; and that stand up too. But that's it. Hash values are no proof that it was Alice who hacked Bob's server, or that the keylogger found in the office PC was placed by the boss. Private forensics may not stand up in court, and are not recommended if you are taking legal actions. If you want to go the legal way, let the police do the forensics. If you just want to know fast what was done on your system, save any important data that may be there, and format so that the system returns quickly into business again, take it to a private lab... one way or another, dont do forensics on serious cases if you are no expert.
Regards,
Mario
"Bob" <bo*@nospam.com > wrote in message news:eq******** ******@TK2MSFTN GP12.phx.gbl... Hi there, I am working on an application to be used in our local Forensics department... Among other things the app will connect to a digital camera and download the images to the hard drive. For various reasons I need to be able to say with certainty that the image on the hard drive is exactly what was on the camera... any ideas on best way to achieve this...? I could do a checksum of each image and compare this but not sure how to implement in code or if there is a better way. Merely checking the file size matches is not sufficient to stand up in Court. Any suggestions appreciated, especially if sample code included (can be classic VB if necessary). Does .Net perhaps have something like this built into the Framework? Cheers
Hi,
Actually, the other answers that you received are on target, technically.
However, they do nothing to address the legal issue...
And, there is no way to do what you want -- UNLESS the camera ITSELF
generates the CRC. Your software could then compare and store (perhaps
encrypted) the results. The issue here is that there is no chain of
evidence with a conventional digital camera. You only have the image
information AFTER it is stored on the PC. And, the original image may be
purported to have come from a camera, but... How do you prove that?
A better legal remedy would be to capture the image, encrypt it with a
digital certificate, and include a copy of some sort of (other) written
document (probably a physically signed image) that certifies the actual
chain of handling. You should talk to you legal eagles to get a specific
recommendation on this additional work.
BTW, this all is IMO. I'm not a lawyer.
Dick
--
Richard Grier (Microsoft Visual Basic MVP)
See www.hardandsoftware.net for contact information.
Author of Visual Basic Programmer's Guide to Serial Communications, 3rd
Edition ISBN 1-890422-27-4 (391 pages) published February 2002.
* "Bob" <bo*@nospam.com > scripsit: Among other things the app will connect to a digital camera and download the images to the hard drive. For various reasons I need to be able to say with certainty that the image on the hard drive is exactly what was on the camera... any ideas on best way to achieve this...?
You can use this code to calculate a CRC checksum:
<http://vbaccelerator.c om/article.asp?id= 930>
--
Herfried K. Wagner
MVP · VB Classic, VB.NET
<http://www.mvps.org/dotnet>
On Tue, 21 Oct 2003 16:35:12 +1000, "Bob" <bo*@nospam.com > wrote: Hi there,
I am working on an application to be used in our local Forensics department.. .
Among other things the app will connect to a digital camera and download the images to the hard drive. For various reasons I need to be able to say with certainty that the image on the hard drive is exactly what was on the camera... any ideas on best way to achieve this...?
I could do a checksum of each image and compare this but not sure how to implement in code or if there is a better way. Merely checking the file size matches is not sufficient to stand up in Court.
Any suggestions appreciated, especially if sample code included (can be classic VB if necessary). Does .Net perhaps have something like this built into the Framework?
Cheers
You need a digital camera that supports watermarking and/or
signatures. As hinted by the other guys in this thread, the jury's
still out on aspects of this technology.
refs: http://citeseer.nj.nec.com/context/381517/0
I've had a quick look for suitable cameras, but haven't had any luck.
I'm sure someone manufactures them, as the problem was identified
years ago... Best of luck.
Rgds,
Hi Peter,
Thanks for the code... I'll check it out and see how I go...
Cheers
"Peter Huang [MSFT]" <v-******@online.m icrosoft.com> wrote in message
news:FO******** ******@cpmsftng xa06.phx.gbl... Hi Bob,
Here is write a sample for you.
Imports System Imports System.IO Imports System.Security .Cryptography Module Module1 Sub Main() Dim fs As FileStream = New FileStream("c:\ dafen.jpg", FileMode.Open, FileAccess.Read ) Dim arr(fs.Length) As Byte fs.Read(arr, 0, fs.Length) fs.Close() Dim tmpHash() As Byte tmpHash = New MD5CryptoServic eProvider().Com puteHash(arr) fs = New FileStream("c:\ dafen1.jpg", FileMode.Open,
FileAccess.Read ) fs.Read(arr, 0, fs.Length) Dim tmpNewHash() As Byte tmpNewHash = New MD5CryptoServic eProvider().Com puteHash(arr) Dim bEqual As Boolean If tmpNewHash.Leng th = tmpHash.Length Then Dim i As Integer Do While (i < tmpNewHash.Leng th) AndAlso (tmpNewHash(i) = tmpHash(i)) i += 1 Loop If i = tmpNewHash.Leng th Then bEqual = True End If End If If bEqual Then Console.WriteLi ne("The two hash values are the same") Else Console.WriteLi ne("The two hash values are not the same") End If End Sub End Module
HOW TO: Compute and Compare Hash Values by Using Visual Basic .NET http://support.microsoft.com/default...b;en-us;301053
If you have any related question, you may post the question here.
Regards, Peter Huang Microsoft Online Partner Support Get Secure! www.microsoft.com/security This posting is provided "as is" with no warranties and confers no rights. --------------------From: "Bob" <bo*@nospam.com > Subject: Checksum, CRC or something better? Date: Tue, 21 Oct 2003 16:35:12 +1000 Lines: 21 X-Priority: 3 X-MSMail-Priority: Normal X-Newsreader: Microsoft Outlook Express 6.00.2800.1158 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 Message-ID: <eq************ **@TK2MSFTNGP12 .phx.gbl> Newsgroups: microsoft.publi c.dotnet.langua ges.vb NNTP-Posting-Host: 202-44-189-210.nexnet.net. au 202.44.189.210 Path: cpmsftngxa06.ph x.gbl!TK2MSFTNG P08.phx.gbl!TK2 MSFTNGP12.phx.g bl Xref: cpmsftngxa06.ph x.gbl microsoft.publi c.dotnet.langua ges.vb:148560 X-Tomcat-NG: microsoft.publi c.dotnet.langua ges.vb
Hi there,
I am working on an application to be used in our local Forensics department.. .
Among other things the app will connect to a digital camera and download theimages to the hard drive. For various reasons I need to be able to say
withcertainty that the image on the hard drive is exactly what was on the camera... any ideas on best way to achieve this...?
I could do a checksum of each image and compare this but not sure how to implement in code or if there is a better way. Merely checking the file sizematches is not sufficient to stand up in Court.
Any suggestions appreciated, especially if sample code included (can be classic VB if necessary). Does .Net perhaps have something like this
builtinto the Framework?
Cheers
Mario,
I was just after suggestions on how best to compare 2 files and guarantee they are identical... the actual use is for fingerprint images taken at crime scenes by Forensic Scene Of Crime Officers (SOCOs).
I am writing software that handles getting the images off the camera, making sure the local copy matches exactly and package it with case notes and the hash or whatever data etc.Then I'll be using remoting or similar to transfer back to base for fingerprint identification.
The chain of evidence will be preserved as much as is possible by ensuring the images are written to the hard drive in a folder that the SOCO has no access to - which just covers their butts really. Then once a job is submitted only the fingerprint experts will have access to it.
All the legal stuff has been sorted out but I couldn't give a rats about that... I'm just interested in the technology side of things...
Cheers for the info...
"Mario" <mz******@DONTW ANTSPAMmail.pt> wrote in message news:eb******** *****@TK2MSFTNG P10.phx.gbl...
Hi Bob,
You are right... what you want to do must be done correctly... no mistakes allowed.
Checksums should be used only for error correction, not where evil people may come in. Checksums are simple functions, that can be exploited to create fake documents with the same checksum.
You should use an hash algorithm. An hash algorithm works like a checksum; you provide the input (any file or any buffer with any length), and the algorithm returns the hash value (also called digest, a fixed size array of bytes). The difference is hash algorithms are complex cryptographic functions, and there are several commonly accepted as completely secure. Technically an hash algorithm is an one-way function; a mathematical function that can't be reversed; so that the digest can't be reversed to get the input (or know anything about it). A single bit difference in the input results in a completly different digest. Most important, it's not possible to find another input that computes to the same hash. Hash algorithms are widely used for data integrity verification.
You don't need to implement the hash algorithm, because the Framework already has several (MD5, SHA, with different digest sizes, in bits). SHA512Managed for instance returns a 64 bytes digest for any file or buffer you supply as input. Example:
Dim path As String = "c:\myfile. dat"
Dim stream As New IO.FileStream(p ath, IO.FileAccess.R ead)
Dim sha As New Security.Crypto graphy.SHA512Ma naged
Dim digest() As Byte = sha.ComputeHash (stream)
If you are not going to store the digest as a file, and prefer a string for a database, convert it to Base64 encoding:
Dim hashString As String = Convert.ToBase6 4String(digest)
That's it. When you want to verify if a file if the same or was changed (trojan horse, for instance), you compute the hash and compare the new digest with the one you had stored. If they match, you can be sure the file is exactly the same, if they dont, you are also sure it was changed somehow.
Forensics is another story... hash is good to check data integrity, but that's only a small piece of the big puzzle; computer forensics is a very complex world. Most jobs must be done in a lab, and require special hardware, to make data recovery readings on hard disks. It's possible to compromise a system for a while, and then return it exactly the way it was, leaving no tracks... Hash can tell you the system is no longer compromised, but not what nasty stuff was done before settings and files returned to normal.
To stand up in Court... it depends of what is standing up for. If you want to prove two files are different, my answer is yes, the Court will accept it based on the hash values. Hashes are on the base of digital signatures and code signing certificates; where another major technology is present, public key cryptography; and that stand up too. But that's it. Hash values are no proof that it was Alice who hacked Bob's server, or that the keylogger found in the office PC was placed by the boss. Private forensics may not stand up in court, and are not recommended if you are taking legal actions. If you want to go the legal way, let the police do the forensics. If you just want to know fast what was done on your system, save any important data that may be there, and format so that the system returns quickly into business again, take it to a private lab... one way or another, dont do forensics on serious cases if you are no expert.
Regards,
Mario
"Bob" <bo*@nospam.com > wrote in message news:eq******** ******@TK2MSFTN GP12.phx.gbl... Hi there, I am working on an application to be used in our local Forensics department... Among other things the app will connect to a digital camera and download the images to the hard drive. For various reasons I need to be able to say with certainty that the image on the hard drive is exactly what was on the camera... any ideas on best way to achieve this...? I could do a checksum of each image and compare this but not sure how to implement in code or if there is a better way. Merely checking the file size matches is not sufficient to stand up in Court. Any suggestions appreciated, especially if sample code included (can be classic VB if necessary). Does .Net perhaps have something like this built into the Framework? Cheers
Hi,
I don't need to prove it came from a certain camera... just that the local
(or server side) copy is exactly the same as the source image on the camera.
Otherwise you are right, it would be a great deal more complex.
Cheers
"Dick Grier" <di************ **@msn.com> wrote in message
news:uB******** ******@TK2MSFTN GP10.phx.gbl... Hi,
Actually, the other answers that you received are on target, technically. However, they do nothing to address the legal issue...
And, there is no way to do what you want -- UNLESS the camera ITSELF generates the CRC. Your software could then compare and store (perhaps encrypted) the results. The issue here is that there is no chain of evidence with a conventional digital camera. You only have the image information AFTER it is stored on the PC. And, the original image may be purported to have come from a camera, but... How do you prove that?
A better legal remedy would be to capture the image, encrypt it with a digital certificate, and include a copy of some sort of (other) written document (probably a physically signed image) that certifies the actual chain of handling. You should talk to you legal eagles to get a specific recommendation on this additional work.
BTW, this all is IMO. I'm not a lawyer.
Dick
-- Richard Grier (Microsoft Visual Basic MVP)
See www.hardandsoftware.net for contact information.
Author of Visual Basic Programmer's Guide to Serial Communications, 3rd Edition ISBN 1-890422-27-4 (391 pages) published February 2002.
This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics |
by: Robert Oschler |
last post by:
I'm about to do some MySQL work with Python. In the Python Cookbook book
they talk about the MySQLdb module. Is that still the way to go or is there
something better (easier, newer, etc.)?
Thanks.
--
Robert
|
by: PyongHopscotch |
last post by:
Hi All I was just wondering if there was a better function/way to get
information on all the printers currently installed than EnumPrinters.
I only really need all the printer names but don't care to do the
memory management involved with EnumPrinters.
I looked at using GetProfileString with but that requires I
know the buffer size ahead of time.
Any alternatives would be appreciated.
|
by: PyongHopscotch |
last post by:
Hi All I was just wondering if there was a better function/way to get
information on all the printers currently installed than EnumPrinters.
I only really need all the printer names but don't care to do the
memory management involved with EnumPrinters.
I looked at using GetProfileString with but that requires I
know the buffer size ahead of time.
Any alternatives would be appreciated
|
by: MikeY |
last post by:
From my understanding when exporting your app.exe with a mediaplay hooked
up, you must also place a copy of AxInterop.WMPLib.dll and
Interop.WMPLib.dll" wrapper class. to the location of my app.exe.
Is there something better out there I should be using to avoid this and or a
better way of doing this so that I don't have to export the .dll's.
Any and all help is appreciated.
MikeY
|
by: sloan |
last post by:
I've been reading this article:
http://msdn2.microsoft.com/EN-US/library/aa302401.aspx
Building Secure ASP.NET Applications: Authentication, Authorization, and
Secure Communication
(the article is for 1.1)
(i'm using 2.0)
The article is good. Then you get to the part about:::::::::::::
| |
by: buu |
last post by:
I'm using getHashCode sub from String object, but sometimes it gives me
duplicate values for different strings.
Difference is always when there are some numbers in strings.
Is there any better/new getHash code function or any way to do some better
hashing?
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it.
First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed.
This is as boiled down as I can make it.
Here is my compilation command:
g++-12 -std=c++20 -Wnarrowing bit_field.cpp
Here is the code in...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own....
Now, this would greatly impact the work of software developers. The idea...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules.
He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms.
Adolph will...
| |
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one.
At the time of converting from word file to html my equations which are in the word document file was convert into image.
Globals.ThisAddIn.Application.ActiveDocument.Select();...
|
by: TSSRALBI |
last post by:
Hello
I'm a network technician in training and I need your help.
I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs.
The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols.
I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
|
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
|
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
| | |