Difference between revisions of "DFXML Piecewise Hashing"

From ForensicsWiki
Jump to: navigation, search
m (Created page with "Digital Forensics XML can be used to represent the results of piecewise hashing of individual files. Here is an example: <pre> <?xml version='1.0' encoding='UTF-8'?> <md5deep>...")
 
m (<run> was renamed <byte_run>)
 
(4 intermediate revisions by the same user not shown)
Line 1: Line 1:
Digital Forensics XML can be used to represent the results of piecewise hashing of individual files.
+
[[:Category:Digital_Forensics_XML|Digital Forensics XML]] can be used to represent the results of piecewise hashing of individual files.  The [[md5deep]] suite now generates piecewise hashing results in DFXML when the <tt>-d</tt> option is provided.
  
 
Here is an example:
 
Here is an example:
Line 11: Line 11:
 
<filesize>46</filesize>
 
<filesize>46</filesize>
 
<mtime format='time_t'>1296497502.0</mtime>
 
<mtime format='time_t'>1296497502.0</mtime>
<byte_runs><run file_offset='0' len='46'><hashdigest type='MD5'>0e886f6b08986269af98aedde53df23f</hashdigest><hashdigest type='SHA256'>21c35b5698f1e54d11ca8a41321d40d75797425013dfa1b640ab34d7efa7f1ac</hashdigest></run>
+
<byte_runs><byte_run file_offset='0' len='46'><hashdigest type='MD5'>0e886f6b08986269af98aedde53df23f</hashdigest><hashdigest type='SHA256'>21c35b5698f1e54d11ca8a41321d40d75797425013dfa1b640ab34d7efa7f1ac</hashdigest></byte_run>
 
</byte_runs>
 
</byte_runs>
 
<hashdigest type='MD5'>0e886f6b08986269af98aedde53df23f</hashdigest>
 
<hashdigest type='MD5'>0e886f6b08986269af98aedde53df23f</hashdigest>
Line 20: Line 20:
 
<filesize>193</filesize>
 
<filesize>193</filesize>
 
<mtime format='time_t'>1296497462.0</mtime>
 
<mtime format='time_t'>1296497462.0</mtime>
<byte_runs><run file_offset='0' len='193'><hashdigest type='MD5'>06f63e03ed5e1770a2ff753a76d04906</hashdigest><hashdigest type='SHA256'>82a217a76ebe5e6c0f768576a3e8fd9ba6de504c42360c23e08ddfa22e711ba0</hashdigest></run>
+
<byte_runs><byte_run file_offset='0' len='193'><hashdigest type='MD5'>06f63e03ed5e1770a2ff753a76d04906</hashdigest><hashdigest type='SHA256'>82a217a76ebe5e6c0f768576a3e8fd9ba6de504c42360c23e08ddfa22e711ba0</hashdigest></byte_run>
 
</byte_runs>
 
</byte_runs>
 
<hashdigest type='MD5'>06f63e03ed5e1770a2ff753a76d04906</hashdigest>
 
<hashdigest type='MD5'>06f63e03ed5e1770a2ff753a76d04906</hashdigest>
Line 29: Line 29:
 
<filesize>19</filesize>
 
<filesize>19</filesize>
 
<mtime format='time_t'>1296497486.0</mtime>
 
<mtime format='time_t'>1296497486.0</mtime>
<byte_runs><run file_offset='0' len='19'><hashdigest type='MD5'>362aa248563e453588755f280387a3d4</hashdigest><hashdigest type='SHA256'>7a7c62947561b0b00c213d37d04edbe0c8de46282098b7216a23b25fa336f150</hashdigest></run>
+
<byte_runs><byte_run file_offset='0' len='19'><hashdigest type='MD5'>362aa248563e453588755f280387a3d4</hashdigest><hashdigest type='SHA256'>7a7c62947561b0b00c213d37d04edbe0c8de46282098b7216a23b25fa336f150</hashdigest></byte_run>
 
</byte_runs>
 
</byte_runs>
 
<hashdigest type='MD5'>362aa248563e453588755f280387a3d4</hashdigest>
 
<hashdigest type='MD5'>362aa248563e453588755f280387a3d4</hashdigest>
Line 35: Line 35:
 
</fileobject>
 
</fileobject>
 
</md5deep>
 
</md5deep>
<pre>
+
</pre>
  
 
[[Category:Digital Forensics XML]]
 
[[Category:Digital Forensics XML]]

Latest revision as of 19:16, 16 December 2012

Digital Forensics XML can be used to represent the results of piecewise hashing of individual files. The md5deep suite now generates piecewise hashing results in DFXML when the -d option is provided.

Here is an example:


<?xml version='1.0' encoding='UTF-8'?>
<md5deep>
<fileobject>
<filename>sample/bar.txt</filename>
<filesize>46</filesize>
<mtime format='time_t'>1296497502.0</mtime>
<byte_runs><byte_run file_offset='0' len='46'><hashdigest type='MD5'>0e886f6b08986269af98aedde53df23f</hashdigest><hashdigest type='SHA256'>21c35b5698f1e54d11ca8a41321d40d75797425013dfa1b640ab34d7efa7f1ac</hashdigest></byte_run>
</byte_runs>
<hashdigest type='MD5'>0e886f6b08986269af98aedde53df23f</hashdigest>
<hashdigest type='SHA256'>21c35b5698f1e54d11ca8a41321d40d75797425013dfa1b640ab34d7efa7f1ac</hashdigest>
</fileobject>
<fileobject>
<filename>sample/foo.txt</filename>
<filesize>193</filesize>
<mtime format='time_t'>1296497462.0</mtime>
<byte_runs><byte_run file_offset='0' len='193'><hashdigest type='MD5'>06f63e03ed5e1770a2ff753a76d04906</hashdigest><hashdigest type='SHA256'>82a217a76ebe5e6c0f768576a3e8fd9ba6de504c42360c23e08ddfa22e711ba0</hashdigest></byte_run>
</byte_runs>
<hashdigest type='MD5'>06f63e03ed5e1770a2ff753a76d04906</hashdigest>
<hashdigest type='SHA256'>82a217a76ebe5e6c0f768576a3e8fd9ba6de504c42360c23e08ddfa22e711ba0</hashdigest>
</fileobject>
<fileobject>
<filename>sample/somedir/baz.txt</filename>
<filesize>19</filesize>
<mtime format='time_t'>1296497486.0</mtime>
<byte_runs><byte_run file_offset='0' len='19'><hashdigest type='MD5'>362aa248563e453588755f280387a3d4</hashdigest><hashdigest type='SHA256'>7a7c62947561b0b00c213d37d04edbe0c8de46282098b7216a23b25fa336f150</hashdigest></byte_run>
</byte_runs>
<hashdigest type='MD5'>362aa248563e453588755f280387a3d4</hashdigest>
<hashdigest type='SHA256'>7a7c62947561b0b00c213d37d04edbe0c8de46282098b7216a23b25fa336f150</hashdigest>
</fileobject>
</md5deep>