Uploaded byAlchemist095
PPT, PDF222 views

Computer Forensics

Cyber forensics involves the secure collection and examination of digital evidence from a variety of sources without altering the original data. This includes networks, small devices, storage media, and code. The process consists of acquiring evidence, authenticating any copies made, and analyzing the data without modification. Key principles are documenting all actions, creating forensic copies to preserve the original, and hashing copies to verify their integrity. The goal is to identify relevant evidence through examination while maintaining evidentiary standards for court.

Embed presentation

Downloaded 16 times
1 COMPUTER FORENSICS ISC541 (LECTURE 7) 02-10-2018
2 2 Cyber Forensics
3 3 • Includes: • Networks (Network Forensics) • Small Scale Digital Devices • Storage Media (Computer forensics) • Code Analysis Cyber Forensics
4 4 Cyber Forensic Activities Cyber forensics activities commonly include: the secure collection of computer data the identification of suspect data the examination of suspect data to determine details such as origin and content the presentation of computer-based information to courts of law the application of a country's laws to computer practice.
5 5 The 3 As The basic methodology consists of the 3 As: –Acquire the evidence without altering or damaging the original –Authenticate the image –Analyze the data without modifying it
6 6 Context of Cyber Forensics •Homeland Security •Information Security •Corporate Espionage •White Collar Crime •Child Pornography •Traditional Crime •Incident Response •Employee Monitoring •Privacy Issues •???? Digital Forensics Cyber Forensics
7 A Brief Timeline 1970’s 1980’s 1990’s 2000 200820032001 CyberCrime Legislation LEInvestigative Units InternationalLE Meeting 1stInternational ConferenceonCE IOCEFormed RCFLinUSA COEConvention onCyberCrime DFRWS ASCLD/LAB- DEUSA ISO17025 IOCE& SWGDE AAFS Subsection? Journals Conferences
8 8 Crime Scenes Physical Crime Scenes vs. Cyber/Digital Crime Scenes Overlapping principals The basics of criminalistics are constant across both physical and cyber/digital Locard’s Principle applies – “When a person commits a crime something is always left at the scene of the crime that was not present when the person arrived”
9 9 Digital Crime Scene Digital Evidence – Digital data that establish that a crime has been committed, can provide a link between a crime and its victim, or can provide a link between a crime and the perpetrator (Carrier & Spafford, 2003) Digital Crime Scene – The electronic environment where digital evidence can potentially exist (Rogers, 2005) – Primary & Secondary Digital Scene(s) as well
10 10 Forensic Principles Digital/ Electronic evidence is extremely volatile! Once the evidence is contaminated it cannot be de- contaminated! The courts acceptance is based on the best evidence principle – With computer data, printouts or other output readable by sight, and bit stream copies adhere to this principle.
11 11 Cyber Forensic Principles ● The 6 Principles are: 1. When dealing with digital evidence, all of the general forensic and procedural principles must be applied. 2. Upon seizing digital evidence, actions taken should not change that evidence. 3. When it is necessary for a person to access original digital evidence, that person should be trained for the purpose. 4. All activity relating to the seizure, access, storage or transfer of digital evidence must be fully documented, preserved and available for review. 5. An Individual is responsible for all actions taken with respect to digital evidence whilst the digital evidence is in their possession. 6. Any agency, which is responsible for seizing, accessing, storing or transferring digital evidence is responsible for compliance with these principles.
12 12 Process/Phases Identification Collection Bag & Tag Preservation Examination Analysis Presentation/Report
13 13 Identification The first step is identifying evidence and potential containers of evidence More difficult than it sounds Small scale devices Non-traditional storage media Multiple possible crime scenes
14 14 Devices Identification
15 15 Identification Context of the investigation is very important Do not operate in a vacuum! Do not overlook non-electronic sources of evidence Manuals, papers, printouts, etc.
16 16 Collection Care must be taken to minimize contamination Collect or seize the system(s) Create forensic image Live or Static? Do you own the system What does your policy say?
17 17
18 18 Collection: Documentation
19 19 Collection: Documentation ●Take detailed photos and notes of the computer / monitor – If the computer is “on”, take photos of what is displayed on the monitor – DO NOT ALTER THE SCENE
20 20 Collection: Documentation Make sure to take photos and notes of all connections to the computer/other devices
21 21 ● Rule of Thumb: make 2 copies and don’t work from the original (if possible) ● A file copy does not recover all data areas of the device for examination ● Working from a duplicate image – Preserves the original evidence – Prevents inadvertent alteration of original evidence during examination – Allows recreation of the duplicate image if necessary Collection: Imaging
22 22 Collection: Imaging ●Digital evidence can be duplicated with no degradation from copy to copy – This is not the case with most other forms of evidence
23 23 Collection: Imaging Forensic Copies (Bitstream) Bit for Bit copying captures all the data on the copied media including hidden and residual data (e.g., slack space, swap, residue, unused space, deleted files etc.) Often the “smoking gun” is found in the residual data. Imaging from a disk (drive) to a file is becoming the norm Multiple cases stored on same media No risk of data leakage from underlying media Remember avoid working for original Use a write blocker even when examining a copy!
24 24 Imaging: Authenticity & Integrity ●How do we demonstrate that the image is a true unaltered copy of the original? -Hashing (MD5, SHA 256) ●A mathematical algorithm that produces a unique value (128 Bit, 512 Bit) – Can be performed on various types of data (files, partitions, physical drive) ●The value can be used to demonstrate the integrity of your data – Changes made to data will result in a different value ●The same process can be used to demonstrate the image has not changed from time-1 to time-n
25 25 Examination Higher level look at the file system representation of the data on the media Verify integrity of image – MD5, SHA1 etc. Recover deleted files & folders Determine keyword list – What are you searching for Determine time lines – What is the timezone setting of the suspect system – What time frame is of importance – Graphical representation is very useful
26 26 Examination Examine directory tree – What looks out of place – Stego tools installed – Evidence Scrubbers Perform keyword searches – Indexed – Slack & unallocated space Search for relevant evidence types • Hash sets can be useful • Graphics • Spreadsheets • Hacking tools • Etc. Look for the obvious first When is enough enough??
27 Issues lack of certification for tools Lack of standards lack of certification for professionals lack of understanding by Judiciary lack of curriculum accreditation Rapid changes in technology! Immature Scientific Discipline 27
28 QUestions??? 28
29 Reference cyberforensics@mac.com http://www.cyberforensics.purdue.edu 29
30 Summary

More Related Content

PPT
Preserving and recovering digital evidence
byOnline
 
PPT
Digital Forensics
byNicholas Davis
 
PPT
Lecture 9 and 10 comp forensics 09 10-18 file system
byAlchemist095
 
PPTX
cyber forensics
byAmbuj Kumar
 
PPT
Lecture 4,5, 6 comp forensics 19 9-2018 basic security
byAlchemist095
 
PPT
Lecture 8 comp forensics 03 10-18 file system
byAlchemist095
 
PDF
Encryption: Who, What, When, Where, and Why It's Not a Panacea
byResilient Systems
 
PDF
Threats to Privacy in the Management of Data Stored in Computer Systems by Gu...
byAltheimPrivacy
 
Preserving and recovering digital evidence
byOnline
 
Digital Forensics
byNicholas Davis
 
Lecture 9 and 10 comp forensics 09 10-18 file system
byAlchemist095
 
cyber forensics
byAmbuj Kumar
 
Lecture 4,5, 6 comp forensics 19 9-2018 basic security
byAlchemist095
 
Lecture 8 comp forensics 03 10-18 file system
byAlchemist095
 
Encryption: Who, What, When, Where, and Why It's Not a Panacea
byResilient Systems
 
Threats to Privacy in the Management of Data Stored in Computer Systems by Gu...
byAltheimPrivacy
 

What's hot

PDF
Forensics Analysis and Validation
byJyothishmathi Institute of Technology and Science Karimnagar
 
PPTX
Digital forensics
byvishnuv43
 
PPTX
Computer forensic ppt
byPriya Manik
 
PPTX
Computer forensics
bydeaneal
 
PDF
CS6004 Cyber Forensics - UNIT IV
byArthyR3
 
PPTX
Processing Crimes and Incident Scenes
byprimeteacher32
 
PPTX
Investigative Tools and Equipments for Cyber Crime by Raghu Khimani
byDr Raghu Khimani
 
PDF
Anti forensics-techniques-for-browsing-artifacts
bygaurang17
 
PPTX
Examining computer and evidence collection
bygagan deep
 
PDF
CISSP Prep: Ch 3. Asset Security
bySam Bowne
 
PDF
Current Forensic Tools
byJyothishmathi Institute of Technology and Science Karimnagar
 
PDF
06 Computer Image Verification and Authentication - Notes
byKranthi
 
PPTX
Computer Forensic Softwares
byDhruv Seth
 
PPTX
Case study on Physical devices used in Computer forensics.
byVishal Tandel
 
PDF
Private Browsing: A Window of Forensic Opportunity
byAung Thu Rha Hein
 
DOCX
Digital forensics
byAdriana Backman
 
PDF
Computer forencis
byTeja Bheemanapally
 
PPTX
Introduction To Forensic Methodologies
byLedjit
 
PPTX
Operations Security
byMauro Alberto
 
PDF
CS6004 Cyber Forensics - UNIT V
byArthyR3
 
Forensics Analysis and Validation
byJyothishmathi Institute of Technology and Science Karimnagar
 
Digital forensics
byvishnuv43
 
Computer forensic ppt
byPriya Manik
 
Computer forensics
bydeaneal
 
CS6004 Cyber Forensics - UNIT IV
byArthyR3
 
Processing Crimes and Incident Scenes
byprimeteacher32
 
Investigative Tools and Equipments for Cyber Crime by Raghu Khimani
byDr Raghu Khimani
 
Anti forensics-techniques-for-browsing-artifacts
bygaurang17
 
Examining computer and evidence collection
bygagan deep
 
CISSP Prep: Ch 3. Asset Security
bySam Bowne
 
Current Forensic Tools
byJyothishmathi Institute of Technology and Science Karimnagar
 
06 Computer Image Verification and Authentication - Notes
byKranthi
 
Computer Forensic Softwares
byDhruv Seth
 
Case study on Physical devices used in Computer forensics.
byVishal Tandel
 
Private Browsing: A Window of Forensic Opportunity
byAung Thu Rha Hein
 
Digital forensics
byAdriana Backman
 
Computer forencis
byTeja Bheemanapally
 
Introduction To Forensic Methodologies
byLedjit
 
Operations Security
byMauro Alberto
 
CS6004 Cyber Forensics - UNIT V
byArthyR3
 

Similar to Computer Forensics

PPT
L11 - Intro to Computer Forensics.ppt
byRebeccaMunasheChimhe
 
PPT
Network Forensics Basic lecture for Everyone
byBurhanKhan774154
 
PPTX
Cyber forensics 02 mit-2014
byMuzzammil Wani
 
PPT
CS426_forensics.ppt
byPrabithGupta1
 
PPT
CS426_forensics.ppt
byOkviNugroho1
 
PPTX
unit 5 understanding computer forensics.pptx
byDimple Relekar
 
PDF
Digital forensic science and its scope manesh t
byManesh T
 
PDF
Daniel_CISSP_Dom7__1_.pdf
byAlejandro Daricz
 
PPT
Lecture-2 Introduction to Digital Forensics.ppt
byamansinght675
 
PPT
Introduction to computer forensic
byOnline
 
PDF
Cyber forensics and auditing
bySweta Kumari Barnwal
 
PPTX
Digital&computforensic
byRahul Badekar
 
PPTX
Best Cyber Crime Investigation Service Provider | Fornsec Solutions
byFORnSECSolutions
 
PPTX
ppt for Module 5 cybersecuirty_023501.pptx
byMayuraD1
 
PDF
FINAL_MSCIT_CYBER_FORENSICS_NOTES_SEM_IV_PROFAJAYPASHANKAR.pdf
byajay pashankar
 
PPTX
cyber law and forensics,biometrics systems
byMayank Diwakar
 
PPT
CS426_forensics_tools to analyse and deve
byvikashagarwal874473
 
PPT
CS426_forensics.ppt
byFaiz430036
 
PDF
Cyber Forensics training by Forensic Academy
byForensic Academy
 
PPT
Cyber Crime Evidence Collection Ifsa 2009
byUniversity of Southern Mississippi
 
L11 - Intro to Computer Forensics.ppt
byRebeccaMunasheChimhe
 
Network Forensics Basic lecture for Everyone
byBurhanKhan774154
 
Cyber forensics 02 mit-2014
byMuzzammil Wani
 
CS426_forensics.ppt
byPrabithGupta1
 
CS426_forensics.ppt
byOkviNugroho1
 
unit 5 understanding computer forensics.pptx
byDimple Relekar
 
Digital forensic science and its scope manesh t
byManesh T
 
Daniel_CISSP_Dom7__1_.pdf
byAlejandro Daricz
 
Lecture-2 Introduction to Digital Forensics.ppt
byamansinght675
 
Introduction to computer forensic
byOnline
 
Cyber forensics and auditing
bySweta Kumari Barnwal
 
Digital&computforensic
byRahul Badekar
 
Best Cyber Crime Investigation Service Provider | Fornsec Solutions
byFORnSECSolutions
 
ppt for Module 5 cybersecuirty_023501.pptx
byMayuraD1
 
FINAL_MSCIT_CYBER_FORENSICS_NOTES_SEM_IV_PROFAJAYPASHANKAR.pdf
byajay pashankar
 
cyber law and forensics,biometrics systems
byMayank Diwakar
 
CS426_forensics_tools to analyse and deve
byvikashagarwal874473
 
CS426_forensics.ppt
byFaiz430036
 
Cyber Forensics training by Forensic Academy
byForensic Academy
 
Cyber Crime Evidence Collection Ifsa 2009
byUniversity of Southern Mississippi
 

Recently uploaded

PDF
IoT communication protocols and Cloud Platforms.pdf
byharshil60
 
PDF
Unit 4: Polynuclear Hydrocarbons | Pharma Organic Chemistry
bySandeshSul
 
PDF
syllabus for mca regulation 2025 anna university
bySASIDHARANMURUGAN
 
PPTX
Shaping Tomorrow: The Next Chapter for Irish Research Libraries
byCONUL Conference
 
PDF
Cut off for Asst Professor Recruitment by HPSC i.e. Haryana Public Service Co...
byRajesh Verma
 
PPTX
Pharmaceutical organic chemistry II :unit V - Cycloalkanes
byPOOJA KARVANDE
 
PPTX
From Vision to Action: UCC Library’s Digital & Information Literacy Framework...
byCONUL Conference
 
PPTX
Pharmaceutical Quality Assurance UNIT I ppt
byNikitaGidde
 
PDF
• Reinforcing the Human Firewall: Moving From Awareness to Applied Skill
byAdityarajsinh Gohil
 
PDF
How to Report Cyber Fraud in India: Your Digital First Aid Kit (2025 Guide)
bySanjay Rathod
 
PPTX
Growing the Imirce Collection through Public Participation. Caitríona Cannon...
byCONUL Conference
 
PPTX
Archival literacy and engagement through Brightspace: the new Special Collect...
byCONUL Conference
 
PPTX
Spectrofluorometery one of the analytical technique
bySavitribai Phule Pune University
 
PPTX
Society mirrored in libraries – the naming, denaming and renaming of the Libr...
byCONUL Conference
 
PPTX
Bookish Bats: a unique sustainable delivery service in the Russell Library. A...
byCONUL Conference
 
PPTX
Empowering Equality: The Athena Swan Journey at Maynooth University Library. ...
byCONUL Conference
 
PPTX
Conduction System of the Heart, The Cardiac Cycle, The Cardiac Output, ECG.pptx
byAshish Umale
 
PPTX
605456209-week-6-ppt-pagbasa.pptxpowerpointpresentation
byDecerrieMerabite
 
PDF
Road Safety Calendar-2026 Courtesy - IYSO Team India - Safer Indian Roads
byIndian Youth Secured Organisation
 
PDF
Result Analysis of the Pre Board 2025 .pdf
byDirectorate of Education Delhi
 
IoT communication protocols and Cloud Platforms.pdf
byharshil60
 
Unit 4: Polynuclear Hydrocarbons | Pharma Organic Chemistry
bySandeshSul
 
syllabus for mca regulation 2025 anna university
bySASIDHARANMURUGAN
 
Shaping Tomorrow: The Next Chapter for Irish Research Libraries
byCONUL Conference
 
Cut off for Asst Professor Recruitment by HPSC i.e. Haryana Public Service Co...
byRajesh Verma
 
Pharmaceutical organic chemistry II :unit V - Cycloalkanes
byPOOJA KARVANDE
 
From Vision to Action: UCC Library’s Digital & Information Literacy Framework...
byCONUL Conference
 
Pharmaceutical Quality Assurance UNIT I ppt
byNikitaGidde
 
• Reinforcing the Human Firewall: Moving From Awareness to Applied Skill
byAdityarajsinh Gohil
 
How to Report Cyber Fraud in India: Your Digital First Aid Kit (2025 Guide)
bySanjay Rathod
 
Growing the Imirce Collection through Public Participation. Caitríona Cannon...
byCONUL Conference
 
Archival literacy and engagement through Brightspace: the new Special Collect...
byCONUL Conference
 
Spectrofluorometery one of the analytical technique
bySavitribai Phule Pune University
 
Society mirrored in libraries – the naming, denaming and renaming of the Libr...
byCONUL Conference
 
Bookish Bats: a unique sustainable delivery service in the Russell Library. A...
byCONUL Conference
 
Empowering Equality: The Athena Swan Journey at Maynooth University Library. ...
byCONUL Conference
 
Conduction System of the Heart, The Cardiac Cycle, The Cardiac Output, ECG.pptx
byAshish Umale
 
605456209-week-6-ppt-pagbasa.pptxpowerpointpresentation
byDecerrieMerabite
 
Road Safety Calendar-2026 Courtesy - IYSO Team India - Safer Indian Roads
byIndian Youth Secured Organisation
 
Result Analysis of the Pre Board 2025 .pdf
byDirectorate of Education Delhi
 

Computer Forensics

  • 1.
  • 2.
  • 3.
    3 3 • Includes: • Networks(Network Forensics) • Small Scale Digital Devices • Storage Media (Computer forensics) • Code Analysis Cyber Forensics
  • 4.
    4 4 Cyber Forensic Activities Cyberforensics activities commonly include: the secure collection of computer data the identification of suspect data the examination of suspect data to determine details such as origin and content the presentation of computer-based information to courts of law the application of a country's laws to computer practice.
  • 5.
    5 5 The 3 As Thebasic methodology consists of the 3 As: –Acquire the evidence without altering or damaging the original –Authenticate the image –Analyze the data without modifying it
  • 6.
    6 6 Context of CyberForensics •Homeland Security •Information Security •Corporate Espionage •White Collar Crime •Child Pornography •Traditional Crime •Incident Response •Employee Monitoring •Privacy Issues •???? Digital Forensics Cyber Forensics
  • 7.
    7 A Brief Timeline 1970’s1980’s 1990’s 2000 200820032001 CyberCrime Legislation LEInvestigative Units InternationalLE Meeting 1stInternational ConferenceonCE IOCEFormed RCFLinUSA COEConvention onCyberCrime DFRWS ASCLD/LAB- DEUSA ISO17025 IOCE& SWGDE AAFS Subsection? Journals Conferences
  • 8.
    8 8 Crime Scenes Physical CrimeScenes vs. Cyber/Digital Crime Scenes Overlapping principals The basics of criminalistics are constant across both physical and cyber/digital Locard’s Principle applies – “When a person commits a crime something is always left at the scene of the crime that was not present when the person arrived”
  • 9.
    9 9 Digital Crime Scene DigitalEvidence – Digital data that establish that a crime has been committed, can provide a link between a crime and its victim, or can provide a link between a crime and the perpetrator (Carrier & Spafford, 2003) Digital Crime Scene – The electronic environment where digital evidence can potentially exist (Rogers, 2005) – Primary & Secondary Digital Scene(s) as well
  • 10.
    10 10 Forensic Principles Digital/ Electronicevidence is extremely volatile! Once the evidence is contaminated it cannot be de- contaminated! The courts acceptance is based on the best evidence principle – With computer data, printouts or other output readable by sight, and bit stream copies adhere to this principle.
  • 11.
    11 11 Cyber Forensic Principles ●The 6 Principles are: 1. When dealing with digital evidence, all of the general forensic and procedural principles must be applied. 2. Upon seizing digital evidence, actions taken should not change that evidence. 3. When it is necessary for a person to access original digital evidence, that person should be trained for the purpose. 4. All activity relating to the seizure, access, storage or transfer of digital evidence must be fully documented, preserved and available for review. 5. An Individual is responsible for all actions taken with respect to digital evidence whilst the digital evidence is in their possession. 6. Any agency, which is responsible for seizing, accessing, storing or transferring digital evidence is responsible for compliance with these principles.
  • 12.
  • 13.
    13 13 Identification The first stepis identifying evidence and potential containers of evidence More difficult than it sounds Small scale devices Non-traditional storage media Multiple possible crime scenes
  • 14.
  • 15.
    15 15 Identification Context of theinvestigation is very important Do not operate in a vacuum! Do not overlook non-electronic sources of evidence Manuals, papers, printouts, etc.
  • 16.
    16 16 Collection Care must betaken to minimize contamination Collect or seize the system(s) Create forensic image Live or Static? Do you own the system What does your policy say?
  • 17.
  • 18.
  • 19.
    19 19 Collection: Documentation ●Take detailedphotos and notes of the computer / monitor – If the computer is “on”, take photos of what is displayed on the monitor – DO NOT ALTER THE SCENE
  • 20.
    20 20 Collection: Documentation Make sureto take photos and notes of all connections to the computer/other devices
  • 21.
    21 21 ● Rule ofThumb: make 2 copies and don’t work from the original (if possible) ● A file copy does not recover all data areas of the device for examination ● Working from a duplicate image – Preserves the original evidence – Prevents inadvertent alteration of original evidence during examination – Allows recreation of the duplicate image if necessary Collection: Imaging
  • 22.
    22 22 Collection: Imaging ●Digital evidencecan be duplicated with no degradation from copy to copy – This is not the case with most other forms of evidence
  • 23.
    23 23 Collection: Imaging Forensic Copies(Bitstream) Bit for Bit copying captures all the data on the copied media including hidden and residual data (e.g., slack space, swap, residue, unused space, deleted files etc.) Often the “smoking gun” is found in the residual data. Imaging from a disk (drive) to a file is becoming the norm Multiple cases stored on same media No risk of data leakage from underlying media Remember avoid working for original Use a write blocker even when examining a copy!
  • 24.
    24 24 Imaging: Authenticity &Integrity ●How do we demonstrate that the image is a true unaltered copy of the original? -Hashing (MD5, SHA 256) ●A mathematical algorithm that produces a unique value (128 Bit, 512 Bit) – Can be performed on various types of data (files, partitions, physical drive) ●The value can be used to demonstrate the integrity of your data – Changes made to data will result in a different value ●The same process can be used to demonstrate the image has not changed from time-1 to time-n
  • 25.
    25 25 Examination Higher level lookat the file system representation of the data on the media Verify integrity of image – MD5, SHA1 etc. Recover deleted files & folders Determine keyword list – What are you searching for Determine time lines – What is the timezone setting of the suspect system – What time frame is of importance – Graphical representation is very useful
  • 26.
    26 26 Examination Examine directory tree – Whatlooks out of place – Stego tools installed – Evidence Scrubbers Perform keyword searches – Indexed – Slack & unallocated space Search for relevant evidence types • Hash sets can be useful • Graphics • Spreadsheets • Hacking tools • Etc. Look for the obvious first When is enough enough??
  • 27.
    27 Issues lack of certificationfor tools Lack of standards lack of certification for professionals lack of understanding by Judiciary lack of curriculum accreditation Rapid changes in technology! Immature Scientific Discipline 27
  • 28.
  • 29.
  • 30.

Editor's Notes

  • #5 Application of laws very NB. Discuss this.
  • #6 Why are these so importnat
  • #22 Never do anything that might inadvertently cause something to be written to the suspect’s original media.
  • #23 Whether analyzed on site or taken to the lab, it is essential to protect the integrity of the data. A duplicate image, also known as a bit-copy, image, or clone, is an exact, bit-for-bit copy of the source media. A duplicate image of a physical device will be a true, digital copy of the entire physical device, including partition tables, reserved areas, partitions and unused areas of the device. A duplicate image of a logical drive will be a bit-for-bit copy of the original logical drive, including Boot Record, FATs, Root Directory, Data Area, and Partition Slack.
  • #25 Developed in 1994, MD5 is a one-way hash algorithm that takes any length of data and produces a 128 bit value, that is a “fingerprint” or “message digest”. This value is “non-reversible”; it is “computationally infeasible” to determine the data based on the value. This means someone cannot figure out your data based on its MD5 value. Here is an example of a MD5 output for the data area:   Processing Data Area: sectors 3246-1648013 MD5 Checksum for: Data Area = 945df74c54de310690e17487d6203876   The actual value is 945df74c54de310690e17487d6203876 A mathematical algorithm was applied to the "Data area" to produce the value (to learn the mathematical details about the algorithm, check out RFC 1321 at http://www.cis.ohio-state.edu/rfc/rfc1321.txt.) Every time an MD5 hash is performed on the data area, it should result in the exact same value. If a different value is obtained, then the data area has been altered.  Source: www.enteract.com/~lspitz/md5.html Definitions Hash — A hash value (or simply hash) is a number generated from a string of data. The hash is substantially smaller than the data itself, and is generated by a formula in such a way that it is extremely unlikely that some other data will produce the same hash value. One-way hash function — An algorithm that turns data into a fixed string of digits, usually for security or data management purposes. The "one way" means that it's nearly impossible to derive the original data from the string. Message Digest (MD) — The representation of data in the form of a single string of digits, created using a formula called a one-way hash function. Algorithm — A formula or set of steps for solving a particular problem. To be an algorithm, a set of rules must be unambiguous and have a clear stopping point.