David, I did say "hashes the file (MD5 and/or SHA-1)"...so do it both before and after you copy it over the network. Just be sure to collect the MAC times *before* you hash it, as hashing causes the file to be accessed, and the last access time changes.
--- "David J. Bianco" <[EMAIL PROTECTED]> wrote:
> On Tue, 2003-02-18 at 13:02, H C wrote:
> > > Also on the point of copying files over the network first, correct me if
> > > I'm wrong but that damages the chain of evidence.
> >
> > How so? If one collects the necessary info (i.e., MAC times, NTFS ADSs,
> > permissions, full path, etc), hashes the file (MD5 and/or SHA-1), and then
> > copies the file over the network using something like 'dd' or type, and
> > netcat/cryptcat, how is the chain of evidence broken? Especially if it's
> > documented?
>
> Although Trevor has since posted a clarification to the effect that he was
> referring to file copying as opposed to creating a bit image with dd, I think
> it's worth noting that in order to guard against accidental or malicious
> network data tampering, you'd have to guarantee that the data traversed the
> network without being tampered with, probably by computing an md5 sum on the
> data at both ends of the transfer. Otherwise the chain of evidence would
> indeed be broken, since most networks are not guaranteed to be reliable or
> secure from tampering.
>
> David
>
> --
> David J. Bianco <[EMAIL PROTECTED]>
> Thomas Jefferson National Accelerator Facility
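
The ordering discussed in this thread (metadata first, then hashes, then a re-hash at the receiving end), as an added example that is not part of the original messages. The function names, the sample file and the `PAST_NS` timestamp are constructed for illustration, a local copy stands in for the dd/netcat transfer, and NTFS alternate data streams are not captured.

```python
import hashlib
import os
import shutil
import tempfile

PAST_NS = 1_045_591_320 * 10**9  # constructed access/modify time for the sample file

def collect_metadata(path):
    """Record MAC times, size, mode and full path WITHOUT reading the content."""
    st = os.stat(path)
    return {"full_path": os.path.abspath(path), "size": st.st_size,
            "mode": oct(st.st_mode), "mtime_ns": st.st_mtime_ns,
            "atime_ns": st.st_atime_ns, "ctime_ns": st.st_ctime_ns}

def hash_file(path, chunk=1 << 16):
    """Compute MD5 and SHA-1 in one pass; reading may update last-access time."""
    md5, sha1 = hashlib.md5(), hashlib.sha1()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            md5.update(block)
            sha1.update(block)
    return {"md5": md5.hexdigest(), "sha1": sha1.hexdigest()}

def acquire(path):
    """Metadata first, hashes second, so the recorded atime predates our read."""
    record = collect_metadata(path)
    record.update(hash_file(path))
    return record

def verify_copy(record, received_path):
    """Re-hash at the receiving end and compare the size and both digests."""
    got = hash_file(received_path)
    return (os.path.getsize(received_path) == record["size"]
            and got["md5"] == record["md5"] and got["sha1"] == record["sha1"])

def demo():
    with tempfile.TemporaryDirectory() as d:
        src, dst = os.path.join(d, "evidence.bin"), os.path.join(d, "received.bin")
        with open(src, "wb") as fh:
            fh.write(b"constructed sample evidence\n" * 100)
        os.utime(src, ns=(PAST_NS, PAST_NS))   # give the sample known MAC times
        record = acquire(src)
        shutil.copyfile(src, dst)              # stands in for the network transfer
        intact = verify_copy(record, dst)
        with open(dst, "r+b") as fh:           # simulate one byte changed in transit
            fh.write(b"X")
        return record, intact, verify_copy(record, dst)
```

`demo()` returns the acquisition record, the result for the intact copy, and the result for the altered copy.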