Difference between revisions of "Md5deep"

From ForensicsWiki
Jump to: navigation, search
m
(Added file format)
Line 13: Line 13:
  
 
md5deep currently supports [[MD5]], [[SHA-1]], [[SHA-256]], [[Tiger]], and [[Whirlpool]].
 
md5deep currently supports [[MD5]], [[SHA-1]], [[SHA-256]], [[Tiger]], and [[Whirlpool]].
 +
 +
== File Formats ==
 +
 +
The md5deep suite can handle a wide variety of input and output file formats. It can use [[md5sum]], [[BSD]] md5, [[Hashkeeper]], [[iLook]], and [[National Software Reference Library|NSRL]] files as sources for known hashes. The suite does not support [[Encase hash files]].
 +
 +
The output for md5deep can be controlled using command line switches, but in general is the hash, two spaces, and the filename.
 +
 +
<pre>210ece36fffb77ff660b0280d7655a9c  /home/username/doc.txt</pre>
 +
 +
The <tt>-k</tt> switch can be used to add an asterisk like [[md5sum]],
 +
 +
<pre>210ece36fffb77ff660b0280d7655a9c */home/username/doc.txt</pre>
 +
 +
The line terminator can be changed to a \0, or NULL character, using the <tt>-0</tt> command line switch.
  
 
== External Links ==
 
== External Links ==

Revision as of 11:38, 27 February 2007

md5deep
Maintainer: Jesse Kornblum
OS: Linux, Windows, OS X, BSD, Solaris
Genre: Hashing
License: Public Domain
Website: md5deep.sf.net

md5deep is a suite of cross platform tools to compute hashes of any number of input files. Although similar to other hashing programs like md5sum, it can also recursively traverse directory structures, use a variety of algorithms, and use files of known hashes to perform both positive and negative matching. The program runs on Microsoft Windows, Apple OS X, Linux, Solaris, and most other *nix operating systems. It also also been ported to FreeBSD and is part of the Fink project.

Algorithms Supported

md5deep currently supports MD5, SHA-1, SHA-256, Tiger, and Whirlpool.

File Formats

The md5deep suite can handle a wide variety of input and output file formats. It can use md5sum, BSD md5, Hashkeeper, iLook, and NSRL files as sources for known hashes. The suite does not support Encase hash files.

The output for md5deep can be controlled using command line switches, but in general is the hash, two spaces, and the filename.

210ece36fffb77ff660b0280d7655a9c  /home/username/doc.txt

The -k switch can be used to add an asterisk like md5sum,

210ece36fffb77ff660b0280d7655a9c */home/username/doc.txt

The line terminator can be changed to a \0, or NULL character, using the -0 command line switch.

External Links