ForensicsWiki will continue to operate as it has before and will not be shutting down. Thank you for your continued support of ForensicsWiki.

Difference between revisions of "DFXML Piecewise Hashing"

From ForensicsWiki
Jump to: navigation, search
m
m (<run> was renamed <byte_run>)
 
(3 intermediate revisions by the same user not shown)
Line 1: Line 1:
Digital Forensics XML can be used to represent the results of piecewise hashing of individual files.
+
[[:Category:Digital_Forensics_XML|Digital Forensics XML]] can be used to represent the results of piecewise hashing of individual files.  The [[md5deep]] suite now generates piecewise hashing results in DFXML when the <tt>-d</tt> option is provided.
  
 
Here is an example:
 
Here is an example:
Line 11: Line 11:
 
<filesize>46</filesize>
 
<filesize>46</filesize>
 
<mtime format='time_t'>1296497502.0</mtime>
 
<mtime format='time_t'>1296497502.0</mtime>
<byte_runs><run file_offset='0' len='46'><hashdigest type='MD5'>0e886f6b08986269af98aedde53df23f</hashdigest><hashdigest type='SHA256'>21c35b5698f1e54d11ca8a41321d40d75797425013dfa1b640ab34d7efa7f1ac</hashdigest></run>
+
<byte_runs><byte_run file_offset='0' len='46'><hashdigest type='MD5'>0e886f6b08986269af98aedde53df23f</hashdigest><hashdigest type='SHA256'>21c35b5698f1e54d11ca8a41321d40d75797425013dfa1b640ab34d7efa7f1ac</hashdigest></byte_run>
 
</byte_runs>
 
</byte_runs>
 
<hashdigest type='MD5'>0e886f6b08986269af98aedde53df23f</hashdigest>
 
<hashdigest type='MD5'>0e886f6b08986269af98aedde53df23f</hashdigest>
Line 20: Line 20:
 
<filesize>193</filesize>
 
<filesize>193</filesize>
 
<mtime format='time_t'>1296497462.0</mtime>
 
<mtime format='time_t'>1296497462.0</mtime>
<byte_runs><run file_offset='0' len='193'><hashdigest type='MD5'>06f63e03ed5e1770a2ff753a76d04906</hashdigest><hashdigest type='SHA256'>82a217a76ebe5e6c0f768576a3e8fd9ba6de504c42360c23e08ddfa22e711ba0</hashdigest></run>
+
<byte_runs><byte_run file_offset='0' len='193'><hashdigest type='MD5'>06f63e03ed5e1770a2ff753a76d04906</hashdigest><hashdigest type='SHA256'>82a217a76ebe5e6c0f768576a3e8fd9ba6de504c42360c23e08ddfa22e711ba0</hashdigest></byte_run>
 
</byte_runs>
 
</byte_runs>
 
<hashdigest type='MD5'>06f63e03ed5e1770a2ff753a76d04906</hashdigest>
 
<hashdigest type='MD5'>06f63e03ed5e1770a2ff753a76d04906</hashdigest>
Line 29: Line 29:
 
<filesize>19</filesize>
 
<filesize>19</filesize>
 
<mtime format='time_t'>1296497486.0</mtime>
 
<mtime format='time_t'>1296497486.0</mtime>
<byte_runs><run file_offset='0' len='19'><hashdigest type='MD5'>362aa248563e453588755f280387a3d4</hashdigest><hashdigest type='SHA256'>7a7c62947561b0b00c213d37d04edbe0c8de46282098b7216a23b25fa336f150</hashdigest></run>
+
<byte_runs><byte_run file_offset='0' len='19'><hashdigest type='MD5'>362aa248563e453588755f280387a3d4</hashdigest><hashdigest type='SHA256'>7a7c62947561b0b00c213d37d04edbe0c8de46282098b7216a23b25fa336f150</hashdigest></byte_run>
 
</byte_runs>
 
</byte_runs>
 
<hashdigest type='MD5'>362aa248563e453588755f280387a3d4</hashdigest>
 
<hashdigest type='MD5'>362aa248563e453588755f280387a3d4</hashdigest>

Latest revision as of 23:16, 16 December 2012

Digital Forensics XML can be used to represent the results of piecewise hashing of individual files. The md5deep suite now generates piecewise hashing results in DFXML when the -d option is provided.

Here is an example:


<?xml version='1.0' encoding='UTF-8'?>
<md5deep>
<fileobject>
<filename>sample/bar.txt</filename>
<filesize>46</filesize>
<mtime format='time_t'>1296497502.0</mtime>
<byte_runs><byte_run file_offset='0' len='46'><hashdigest type='MD5'>0e886f6b08986269af98aedde53df23f</hashdigest><hashdigest type='SHA256'>21c35b5698f1e54d11ca8a41321d40d75797425013dfa1b640ab34d7efa7f1ac</hashdigest></byte_run>
</byte_runs>
<hashdigest type='MD5'>0e886f6b08986269af98aedde53df23f</hashdigest>
<hashdigest type='SHA256'>21c35b5698f1e54d11ca8a41321d40d75797425013dfa1b640ab34d7efa7f1ac</hashdigest>
</fileobject>
<fileobject>
<filename>sample/foo.txt</filename>
<filesize>193</filesize>
<mtime format='time_t'>1296497462.0</mtime>
<byte_runs><byte_run file_offset='0' len='193'><hashdigest type='MD5'>06f63e03ed5e1770a2ff753a76d04906</hashdigest><hashdigest type='SHA256'>82a217a76ebe5e6c0f768576a3e8fd9ba6de504c42360c23e08ddfa22e711ba0</hashdigest></byte_run>
</byte_runs>
<hashdigest type='MD5'>06f63e03ed5e1770a2ff753a76d04906</hashdigest>
<hashdigest type='SHA256'>82a217a76ebe5e6c0f768576a3e8fd9ba6de504c42360c23e08ddfa22e711ba0</hashdigest>
</fileobject>
<fileobject>
<filename>sample/somedir/baz.txt</filename>
<filesize>19</filesize>
<mtime format='time_t'>1296497486.0</mtime>
<byte_runs><byte_run file_offset='0' len='19'><hashdigest type='MD5'>362aa248563e453588755f280387a3d4</hashdigest><hashdigest type='SHA256'>7a7c62947561b0b00c213d37d04edbe0c8de46282098b7216a23b25fa336f150</hashdigest></byte_run>
</byte_runs>
<hashdigest type='MD5'>362aa248563e453588755f280387a3d4</hashdigest>
<hashdigest type='SHA256'>7a7c62947561b0b00c213d37d04edbe0c8de46282098b7216a23b25fa336f150</hashdigest>
</fileobject>
</md5deep>