Scribd
Upload
8 views2 pages

تكليف الجودة التحقيق الرقمي ١

Uploaded by

bnhatm216
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
8 views2 pages

تكليف الجودة التحقيق الرقمي ١

Uploaded by

bnhatm216
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd

Computer Forensics

:‫بعنوان‬
‫؟‬Hash ‫هل يمكن استخراج القيمة األصلية من قيمة‬
.‫مع شرح احترافي وبسيط‬

Homework – Lecture 2: Computer Forensics


:Question
?If I obtain a hash value, can I extract or recover the original data from it

:Answer
No, in general, it is not possible to extract the original data from a hash value. This
.is by design

:Explanation
A hash function is a one-way mathematical function used to convert input data
(such as text, file, or password) into a fixed-size string of characters, which is called a
.hash

:Key Properties of Hash Functions


Description Property

One-way
.Cannot reverse the hash to get the original input
function

.Same input always gives the same hash Deterministic

Output is always the same length, regardless of Fixed output


.input size size

Hard to find two different inputs that produce the Collision-


.same hash resistant

Fast
.Can quickly compute a hash value from any input
computation

?Why Can't We Reverse a Hash


:Because the hash function loses information during the transformation. For example
hello" → 5d41402abc4b2a76b9719d911017c592 (MD5)"
There is no way to "go backward" and recover "hello" just from the hash, unless you
.already know or guess the input

:Real-world Example in Forensics


:In digital forensics, investigators use hashes (like MD5, SHA-1, SHA-256) to
Verify file integrity 
Detect tampering 
Identify known files via hash databases 
But they do not use hash values to find original files, because it's computationally
.infeasible

:Exception – Hash Cracking Attempts


While hash functions are not reversible, attackers sometimes try to crack hashes
:using methods like
Brute-force attacks 
Rainbow tables 
Dictionary attacks 
.These rely on guessing inputs, not reversing the function
Example: If attacker knows the hash is for a password of 6 lowercase letters, they 📌
.may try all possible combinations
Still, this is not guaranteed and becomes very difficult for complex inputs or salted
.hashes

:Conclusion
Hash functions are not reversible by design. If you have a hash value, you cannot
.extract the original data directly from it
.In forensics, hash values are used for verification and integrity, not recovery

:‫ملخص باللغة العربية‬


.‫) ال يمكن عكسها؛ ال يمكن استخراج القيمة األصلية منها‬Hash( ‫دالة الهاش‬ 
.‫ُتستخدم الهاشات في التحقق من سالمة البيانات وليس السترجاعها‬ 
،‫يمكن للمهاجمين أحياًنا تخمين القيمة األصلية باستخدام القوة الغاشمة‬ 
.‫لكن ذلك صعب جًدا‬
‫ ُتستخدم قيمة الهاش لمقارنة‬،‫ في التحقيقات الجنائية الرقمية‬،‫لذلك‬ 
.‫ وليس الستخراج محتواها‬،‫الملفات‬

You might also like