SHA-256, SSDeep and MD5 are all effective hashing algorithms that forensic investigators use to compute hash values for data objects such as files, special files and so on.
In this article, we will explore three ways these algorithms can help forensic investigators.
Sometimes, forensic investigators need a tool to compute hash values of many files on a hard disk within the shortest possible time.
In this case, we can rely on MD5, also known as the Message-Digest algorithm, to accomplish this task. MD5 produces a 128-bit hash value.
Although it is possible for two different inputs to produce the same MD5 hash value, MD5 is best suited when you want to compute hash values of many files or data objects very rapidly.
In addition, it saves disk space because it produces smaller hashes than SHA-256.
MD5 is not collision resistant. SHA-256 is collision resistant; in other words, attackers cannot generate the same hash from a different input.
SHA-256 is best suited for integrity verification.
The only downside is that hashes calculated with SHA-256 are larger than those produced by MD5.
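The sketch below is an added example, not code from the original article. It reads each file once, computes both the MD5 value for fast triage and the SHA-256 value for integrity verification, and then re-checks a directory against the saved SHA-256 values. The function names and the sample files are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

CHUNK = 1024 * 1024  # read in 1 MiB chunks so large evidence files are not loaded whole

def hash_file(path):
    """Return (md5_hex, sha256_hex) for one file, reading it only once."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(CHUNK), b""):
            md5.update(chunk)
            sha256.update(chunk)
    return md5.hexdigest(), sha256.hexdigest()

def build_manifest(root):
    """Map each regular file under root (relative path) to its two digests."""
    root = Path(root)
    return {str(p.relative_to(root)): hash_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def verify(root, manifest):
    """Compare current SHA-256 values with the manifest; return changed, missing, new."""
    current = build_manifest(root)
    changed = sorted(n for n in manifest
                     if n in current and current[n][1] != manifest[n][1])
    missing = sorted(n for n in manifest if n not in current)
    new = sorted(n for n in current if n not in manifest)
    return changed, missing, new

def demo():
    """Constructed sample: two small files, one of which is modified after hashing."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "notes.txt").write_bytes(b"constructed sample evidence\n")
        (root / "log.bin").write_bytes(bytes(range(256)) * 64)
        manifest = build_manifest(root)
        # Simulate tampering after the manifest was taken.
        (root / "notes.txt").write_bytes(b"constructed sample evidence!\n")
        return manifest, verify(root, manifest)

if __name__ == "__main__":
    manifest, (changed, missing, new) = demo()
    for name, (md5_hex, sha_hex) in manifest.items():
        print(f"{name}  md5={md5_hex}  sha256={sha_hex}")
    print("changed:", changed, "missing:", missing, "new:", new)
```

The MD5 column is 32 hex characters (128 bits) and the SHA-256 column is 64 (256 bits), which is the size difference the article refers to.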
You can use SSDeep to examine similarities between two files and to find the differences among files.