HashKeeper

NDIC Home | What's New | Site Map | Search US DOJ.gov | To DOJ

Updated on November 17, 2009

Document & Media Exploitation

About NDIC
NDIC Products
About DOMEX Branch DOMEX News - Press Releases HashKeeper RAID - RAID Training
SENTRY
Dynamic Mapping Initiative
Training
Employment
FOIA
Related Links
Disclaimers
Regulations.gov
Contact Us

The mission of NDIC is to provide strategic drug-related intelligence, document and computer exploitation support, and training assistance to

the drug control, public health, law enforcement, and intelligence communities of the United States

in order to reduce the adverse effects of drug trafficking, drug abuse, and other drug-related criminal activity.

TTY users please call (814) 532-5815.

DOMEX - HashKeeper

DOMEX specialists created the HashKeeper software as its principal tool to expedite the analysis of electronic media. HashKeeper is a software application that quickly eliminates known operating system files and focuses on electronic files created by the user/subject of the investigation.

HashKeeper is an application created in 1998 to assist computer forensic examinations by reducing the number of files to be analyzed during the course of an investigation. HashKeeper works by storing MD5 hash values or "digital fingerprints" of common software applications and compares those hash values against the files encountered in a seized system. Files encountered in the seized system that match those in the HashKeeper database do not need to be examined. HashKeeper eliminates the need for an examiner to review files created during software installation and leaves behind primarily, user created files. In most instances, HashKeeper decreases the number of files that need to be examined by 50%.

HashKeeper is available free of charge, and thousands of this application have been distributed to appropriate law enforcement and intelligence agencies worldwide.

For further information on HashKeeper, contact: Ms. Lorrie Christman, 814-532-4982.

Please send all requests for Doc Ex and/or Comp Ex support as well as copies of RAID and/or HashKeeper to:

National Drug Intelligence Center
Document and Media Exploitation Branch
319 Washington Street, 5th Floor
Johnstown, PA 15901-1622

Telephone: (814) 532-4601
Fax: (814) 532-5854
E-mail: ndic.domex.request@usdoj.gov

If you have any further questions, please contact Ms. Lorrie Christman, 814-532-4982.

To Top

Freedom of Information Act | Accessibility Policy | DOJ Privacy Policy | Site Map
Send all questions, comments, and suggestions to the NDIC Webmaster.

End of page.