Data archiving message digest functions
In addition to archiving the file, the system creates a digest for the file that includes an MD5 checksum for the archive file and other information. The digest file resides in the archive/digests folder, with the same name as the archive except with a .txt suffix.
The MD5 checksum, contained in the digests folder, can be used to verify that the file has not been tampered with. To enhance the forensic capabilities of the system, the MD5 checksum is further encrypted to create a Security Code. This security code provides absolute tracking of information, and can only be deciphered by the vendor. (This might be useful in conflict resolution, for instance, or in detailed forensic analysis of the log file information.)
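The MD5 comparison described above can also be run independently of the product. The following is an added example, not BMC code: it assumes archives sit directly in the archive directory, that each digest in `digests` is named after the archive's base name plus `.txt`, and that the checksum appears in the digest as 32 hexadecimal digits. The digest layout and file names used in `demo()` are constructed.

```python
import hashlib
import re
import tempfile
from pathlib import Path

MD5_RE = re.compile(r"\b[0-9a-fA-F]{32}\b")  # assumption: checksum stored as 32 hex digits


def md5_of(path, chunk=1 << 20):  # chunked read keeps large archives out of memory
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def check_archive(archive, digests_dir):
    """Return 'OK', 'MISMATCH', 'NO_DIGEST' or 'NO_CHECKSUM' for one archive."""
    digest = Path(digests_dir) / (Path(archive).stem + ".txt")
    if not digest.is_file():
        return "NO_DIGEST"
    recorded = {m.lower() for m in MD5_RE.findall(digest.read_text(errors="replace"))}
    if not recorded:
        return "NO_CHECKSUM"
    return "OK" if md5_of(archive) in recorded else "MISMATCH"


def check_all(archive_dir):
    """Check every file in archive_dir against archive_dir/digests."""
    root = Path(archive_dir)
    return {p.name: check_archive(p, root / "digests") for p in root.iterdir() if p.is_file()}


def demo():
    """Constructed sample: one intact archive, one altered later, one with no digest."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "digests").mkdir()
        for name in ("2024-01-01.log", "2024-01-02.log"):
            (root / name).write_bytes(b"constructed log data for " + name.encode())
            (root / "digests" / (Path(name).stem + ".txt")).write_text(
                "Archive: %s\nMD5: %s\n" % (name, md5_of(root / name)))
        (root / "2024-01-02.log").write_bytes(b"altered after archiving")
        (root / "2024-01-03.log").write_bytes(b"no digest written")
        return check_all(root)


if __name__ == "__main__":
    print(demo())
```

This check compares the archive only against the plain checksum stored in the digest file; it does not cover the encrypted security code.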
CHKSC program – Checking archive security codes
The chksc.exe program is included with BMC Defender Server, in the system directory, to allow you to determine whether any archive has been tampered with. This program decrypts the security code for a particular digest file and displays an indication of whether the archive has been tampered with. This might be essential to establish that a chain of custody exists, which is necessary to prosecute certain types of cybercrimes.
The preceding command accepts either an archive date in YYYY-MM-DD format or the pathname to a message digest function, including the .txt extension for the file.
Message digests are found in the BMC Defender Server archive directory and contain information about each archive. Because the message digest is encrypted with a one-way algorithm, you cannot modify the message digest without detection. This creates a verifiable chain of evidence for each archive, proving that the archive file has not been tampered with since it was created.