The FTimes Project The HashDig Project The WebJob Project The PaD Project
Location: / Home
Welcome to The Integrity Project

This website is a working repository of information generated and/or maintained by The Integrity Project.

Incident response is fraught with constraints. Often, response handlers must work around the constraints imposed by the surrounding environment. For example, lack of physical or shell access, untrusted diagnostic programs, lack of encryption, many machines in need of investigation, et cetera. Therefore, tool designers need to take into account these issues and compensate, where possible. Further, tool builders need to design their tools with Daubert principles in mind. Specifically, such tools need to have open architectures and utilize open data formats so that other practitioners and tool builders may thoroughly understand and appreciate their operation.

Managing many systems and networks in parallel can be difficult and time consuming. Generally speaking, the more diverse these systems and networks are, the harder it becomes to manage them effectively and efficiently. Therefore, administrators need reliable tools that work well in centralized management schemes.

The goal of The Integrity Project is to build high quality tools that meet the needs of both incident response handlers and system administrators.


FTimes, short for File Topography and Integrity Monitoring on an Enterprise Scale, is system baselining and evidence collection tool that is lightweight, flexible, and conducive to intrusion analysis. FTimes was designed to support the following initiatives: content integrity monitoring, incident response, intrusion analysis, and computer forensics.



HashDig technology is a collection of utilities designed to help practitioners automate the process of resolving MD5 hashes. In the early stages of an investigation, it is not typically possible or practical to examine all subject files. Therefore, practitioners need reliable methods that can quickly reduce the number of files requiring examination. One such method is to group files into two general categories: known and unknown. This method can be implemented quite effectively by manipulating hashes and comparing them to one or more reference databases. Even that, however, can take a significant amount of effort. HashDig technology attempts to reduce this burden through automation and the use of lightweight, open, and verifiable techniques.



A Payload and Delivery (PaD) file is a self-extracting executable which can be implemented as either a script or a program. In addition to extracting their payload, PaD executables support flexible payload delivery. In other words, the user controls if, when, and how a given payload will be delivered. Within the PaD framework, delivery refers to the act of running one or more commands to manipulate or otherwise make use of the extracted payload.



WebJob downloads a program over HTTP/HTTPS and executes it in one unified operation. The output, if any, may be directed to stdout/stderr or a Web resource. WebJob may be useful in incident response and intrusion analysis as it provides a mechanism to run known good diagnostic programs on a potentially compromised system. It can also support a variety of centralized management and host-based monitoring solutions (e.g., active processes, file integrity, patch level, package installation, etc.).


Navigation Tips

The top line of logos represent links to related projects. The location bar displays your current location within the site. It also allows you to navigate to higher locations within the site. The menu bar on the left lets you navigate the site in a hierarchical fashion. It expands and contracts as you move about the site.

Copyright 2000-2014 The FTimes Project, All Rights Reserved.
The FreeBSD Project SourceForge Logo KoreLogic, Inc.