- Jesse Kornblum
Jesse Kornblum (1975-) is a former government computer investigator and now a computer forensics researcher who has written a number of papers and tools to advance the field. These papers include "Preservation of Fragile Digital Evidence by First Responders" in 2002, which presented the first automated tools for incident response. These tools allow an examiner to gather evidence with a minimum of disruption to the system and maximize the ability to take evidence to court. His other major paper, "Exploiting the Rootkit Paradox with Windows Memory Analysis" from 2006, highlighted the power of examining physical memory when searching for malware.

In addition to papers, Jesse has authored a number of valuable computer forensics tools. His most notable, ssdeep, made use of a combination of hashing algorithms to help identify highly similar but not identical files, a vexing problem with no previous solutions. Although the idea was borrowed from Andrew Tridgell's spamchecker, it was the first use of such a technique in computer forensics and opened the field to similarity matching. The tool was accompanied by the paper "Identifying Almost Identical Files Using Context Triggered Piecewise Hashing."

Papers
* [http://dx.doi.org/10.1016/j.diin.2006.12.002 Using Every Part of the Buffalo in Windows Memory Analysis]
* [http://www.csa.syr.edu/Jesse_Kornblum.pdf Preservation of Fragile Digital Evidence by First Responders]
* [http://dfrws.org/2006/proceedings/12-Kornblum.pdf Identifying Almost Identical Files Using Context Triggered Piecewise Hashing]
* [http://www.utica.edu/academic/institutes/ecii/publications/articles/EFE2FC4D-0B11-BC08-AD2958256F5E68F1.pdf Exploiting the Rootkit Paradox with Windows Memory Analysis]

Tools
* [http://foremost.sf.net Foremost] - file carving
* md5deep - Recursive MD5, SHA-1, SHA-256, Tiger and Whirlpool client.
* [http://ssdeep.sf.net ssdeep] - Context Triggered Piecewise Hashing
Wikimedia Foundation. 2010.