Difference between pages "File:Hashkeeper.txt" and "DFXML Piecewise Hashing"

From Forensics Wiki
(Difference between pages)
Jump to: navigation, search
(Create hashkeeper files, which can be imported into Encase. Given an input file containing a list of target files to be hashed the script will produce a pair of files in Hashkeeper format. This pair can then be imported into EnCase.)
 
m (Created page with "Digital Forensics XML can be used to represent the results of piecewise hashing of individual files. Here is an example: <pre> <?xml version='1.0' encoding='UTF-8'?> <md5deep>...")
 
Line 1: Line 1:
Create hashkeeper files, which can be imported into Encase.
+
Digital Forensics XML can be used to represent the results of piecewise hashing of individual files.
  
Given an input file containing a list of target files to be hashed the script will produce a pair of files in Hashkeeper format. This pair can then be imported into EnCase.
+
Here is an example:
 +
 
 +
 
 +
<pre>
 +
<?xml version='1.0' encoding='UTF-8'?>
 +
<md5deep>
 +
<fileobject>
 +
<filename>sample/bar.txt</filename>
 +
<filesize>46</filesize>
 +
<mtime format='time_t'>1296497502.0</mtime>
 +
<byte_runs><run file_offset='0' len='46'><hashdigest type='MD5'>0e886f6b08986269af98aedde53df23f</hashdigest><hashdigest type='SHA256'>21c35b5698f1e54d11ca8a41321d40d75797425013dfa1b640ab34d7efa7f1ac</hashdigest></run>
 +
</byte_runs>
 +
<hashdigest type='MD5'>0e886f6b08986269af98aedde53df23f</hashdigest>
 +
<hashdigest type='SHA256'>21c35b5698f1e54d11ca8a41321d40d75797425013dfa1b640ab34d7efa7f1ac</hashdigest>
 +
</fileobject>
 +
<fileobject>
 +
<filename>sample/foo.txt</filename>
 +
<filesize>193</filesize>
 +
<mtime format='time_t'>1296497462.0</mtime>
 +
<byte_runs><run file_offset='0' len='193'><hashdigest type='MD5'>06f63e03ed5e1770a2ff753a76d04906</hashdigest><hashdigest type='SHA256'>82a217a76ebe5e6c0f768576a3e8fd9ba6de504c42360c23e08ddfa22e711ba0</hashdigest></run>
 +
</byte_runs>
 +
<hashdigest type='MD5'>06f63e03ed5e1770a2ff753a76d04906</hashdigest>
 +
<hashdigest type='SHA256'>82a217a76ebe5e6c0f768576a3e8fd9ba6de504c42360c23e08ddfa22e711ba0</hashdigest>
 +
</fileobject>
 +
<fileobject>
 +
<filename>sample/somedir/baz.txt</filename>
 +
<filesize>19</filesize>
 +
<mtime format='time_t'>1296497486.0</mtime>
 +
<byte_runs><run file_offset='0' len='19'><hashdigest type='MD5'>362aa248563e453588755f280387a3d4</hashdigest><hashdigest type='SHA256'>7a7c62947561b0b00c213d37d04edbe0c8de46282098b7216a23b25fa336f150</hashdigest></run>
 +
</byte_runs>
 +
<hashdigest type='MD5'>362aa248563e453588755f280387a3d4</hashdigest>
 +
<hashdigest type='SHA256'>7a7c62947561b0b00c213d37d04edbe0c8de46282098b7216a23b25fa336f150</hashdigest>
 +
</fileobject>
 +
</md5deep>
 +
<pre>
 +
 
 +
[[Category:Digital Forensics XML]]

Revision as of 18:58, 7 February 2011

Digital Forensics XML can be used to represent the results of piecewise hashing of individual files.

Here is an example:


<?xml version='1.0' encoding='UTF-8'?>
<md5deep>
<fileobject>
<filename>sample/bar.txt</filename>
<filesize>46</filesize>
<mtime format='time_t'>1296497502.0</mtime>
<byte_runs><run file_offset='0' len='46'><hashdigest type='MD5'>0e886f6b08986269af98aedde53df23f</hashdigest><hashdigest type='SHA256'>21c35b5698f1e54d11ca8a41321d40d75797425013dfa1b640ab34d7efa7f1ac</hashdigest></run>
</byte_runs>
<hashdigest type='MD5'>0e886f6b08986269af98aedde53df23f</hashdigest>
<hashdigest type='SHA256'>21c35b5698f1e54d11ca8a41321d40d75797425013dfa1b640ab34d7efa7f1ac</hashdigest>
</fileobject>
<fileobject>
<filename>sample/foo.txt</filename>
<filesize>193</filesize>
<mtime format='time_t'>1296497462.0</mtime>
<byte_runs><run file_offset='0' len='193'><hashdigest type='MD5'>06f63e03ed5e1770a2ff753a76d04906</hashdigest><hashdigest type='SHA256'>82a217a76ebe5e6c0f768576a3e8fd9ba6de504c42360c23e08ddfa22e711ba0</hashdigest></run>
</byte_runs>
<hashdigest type='MD5'>06f63e03ed5e1770a2ff753a76d04906</hashdigest>
<hashdigest type='SHA256'>82a217a76ebe5e6c0f768576a3e8fd9ba6de504c42360c23e08ddfa22e711ba0</hashdigest>
</fileobject>
<fileobject>
<filename>sample/somedir/baz.txt</filename>
<filesize>19</filesize>
<mtime format='time_t'>1296497486.0</mtime>
<byte_runs><run file_offset='0' len='19'><hashdigest type='MD5'>362aa248563e453588755f280387a3d4</hashdigest><hashdigest type='SHA256'>7a7c62947561b0b00c213d37d04edbe0c8de46282098b7216a23b25fa336f150</hashdigest></run>
</byte_runs>
<hashdigest type='MD5'>362aa248563e453588755f280387a3d4</hashdigest>
<hashdigest type='SHA256'>7a7c62947561b0b00c213d37d04edbe0c8de46282098b7216a23b25fa336f150</hashdigest>
</fileobject>
</md5deep>
<pre>

[[Category:Digital Forensics XML]]

The following page links to this file: