Difference between pages "User talk:Vamsikothuru" and "DFXML Piecewise Hashing"

From Forensics Wiki
(Difference between pages)
Jump to: navigation, search
m (Welcome!)
 
m (<run> was renamed <byte_run>)
 
Line 1: Line 1:
'''Welcome to ''Forensics Wiki''!'''
+
[[:Category:Digital_Forensics_XML|Digital Forensics XML]] can be used to represent the results of piecewise hashing of individual files.  The [[md5deep]] suite now generates piecewise hashing results in DFXML when the <tt>-d</tt> option is provided.
We hope you will contribute much and well.
+
 
You will probably want to read the [[Help:Contents|help pages]].
+
Here is an example:
Again, welcome and have fun! [[User:.FUF|.FUF]] 03:51, 6 February 2011 (PST)
+
 
 +
 
 +
<pre>
 +
<?xml version='1.0' encoding='UTF-8'?>
 +
<md5deep>
 +
<fileobject>
 +
<filename>sample/bar.txt</filename>
 +
<filesize>46</filesize>
 +
<mtime format='time_t'>1296497502.0</mtime>
 +
<byte_runs><byte_run file_offset='0' len='46'><hashdigest type='MD5'>0e886f6b08986269af98aedde53df23f</hashdigest><hashdigest type='SHA256'>21c35b5698f1e54d11ca8a41321d40d75797425013dfa1b640ab34d7efa7f1ac</hashdigest></byte_run>
 +
</byte_runs>
 +
<hashdigest type='MD5'>0e886f6b08986269af98aedde53df23f</hashdigest>
 +
<hashdigest type='SHA256'>21c35b5698f1e54d11ca8a41321d40d75797425013dfa1b640ab34d7efa7f1ac</hashdigest>
 +
</fileobject>
 +
<fileobject>
 +
<filename>sample/foo.txt</filename>
 +
<filesize>193</filesize>
 +
<mtime format='time_t'>1296497462.0</mtime>
 +
<byte_runs><byte_run file_offset='0' len='193'><hashdigest type='MD5'>06f63e03ed5e1770a2ff753a76d04906</hashdigest><hashdigest type='SHA256'>82a217a76ebe5e6c0f768576a3e8fd9ba6de504c42360c23e08ddfa22e711ba0</hashdigest></byte_run>
 +
</byte_runs>
 +
<hashdigest type='MD5'>06f63e03ed5e1770a2ff753a76d04906</hashdigest>
 +
<hashdigest type='SHA256'>82a217a76ebe5e6c0f768576a3e8fd9ba6de504c42360c23e08ddfa22e711ba0</hashdigest>
 +
</fileobject>
 +
<fileobject>
 +
<filename>sample/somedir/baz.txt</filename>
 +
<filesize>19</filesize>
 +
<mtime format='time_t'>1296497486.0</mtime>
 +
<byte_runs><byte_run file_offset='0' len='19'><hashdigest type='MD5'>362aa248563e453588755f280387a3d4</hashdigest><hashdigest type='SHA256'>7a7c62947561b0b00c213d37d04edbe0c8de46282098b7216a23b25fa336f150</hashdigest></byte_run>
 +
</byte_runs>
 +
<hashdigest type='MD5'>362aa248563e453588755f280387a3d4</hashdigest>
 +
<hashdigest type='SHA256'>7a7c62947561b0b00c213d37d04edbe0c8de46282098b7216a23b25fa336f150</hashdigest>
 +
</fileobject>
 +
</md5deep>
 +
</pre>
 +
 
 +
[[Category:Digital Forensics XML]]

Latest revision as of 18:16, 16 December 2012

Digital Forensics XML can be used to represent the results of piecewise hashing of individual files. The md5deep suite now generates piecewise hashing results in DFXML when the -d option is provided.

Here is an example:


<?xml version='1.0' encoding='UTF-8'?>
<md5deep>
<fileobject>
<filename>sample/bar.txt</filename>
<filesize>46</filesize>
<mtime format='time_t'>1296497502.0</mtime>
<byte_runs><byte_run file_offset='0' len='46'><hashdigest type='MD5'>0e886f6b08986269af98aedde53df23f</hashdigest><hashdigest type='SHA256'>21c35b5698f1e54d11ca8a41321d40d75797425013dfa1b640ab34d7efa7f1ac</hashdigest></byte_run>
</byte_runs>
<hashdigest type='MD5'>0e886f6b08986269af98aedde53df23f</hashdigest>
<hashdigest type='SHA256'>21c35b5698f1e54d11ca8a41321d40d75797425013dfa1b640ab34d7efa7f1ac</hashdigest>
</fileobject>
<fileobject>
<filename>sample/foo.txt</filename>
<filesize>193</filesize>
<mtime format='time_t'>1296497462.0</mtime>
<byte_runs><byte_run file_offset='0' len='193'><hashdigest type='MD5'>06f63e03ed5e1770a2ff753a76d04906</hashdigest><hashdigest type='SHA256'>82a217a76ebe5e6c0f768576a3e8fd9ba6de504c42360c23e08ddfa22e711ba0</hashdigest></byte_run>
</byte_runs>
<hashdigest type='MD5'>06f63e03ed5e1770a2ff753a76d04906</hashdigest>
<hashdigest type='SHA256'>82a217a76ebe5e6c0f768576a3e8fd9ba6de504c42360c23e08ddfa22e711ba0</hashdigest>
</fileobject>
<fileobject>
<filename>sample/somedir/baz.txt</filename>
<filesize>19</filesize>
<mtime format='time_t'>1296497486.0</mtime>
<byte_runs><byte_run file_offset='0' len='19'><hashdigest type='MD5'>362aa248563e453588755f280387a3d4</hashdigest><hashdigest type='SHA256'>7a7c62947561b0b00c213d37d04edbe0c8de46282098b7216a23b25fa336f150</hashdigest></byte_run>
</byte_runs>
<hashdigest type='MD5'>362aa248563e453588755f280387a3d4</hashdigest>
<hashdigest type='SHA256'>7a7c62947561b0b00c213d37d04edbe0c8de46282098b7216a23b25fa336f150</hashdigest>
</fileobject>
</md5deep>