Md5deep
From Forensics Wiki
| md5deep | |
|---|---|
| Maintainer: | Jesse Kornblum |
| OS: | Cross-platform |
| Genre: | Hashing |
| License: | Public Domain |
| Website: | md5deep.sf.net |
md5deep is a suite of cross-platform tools to compute and audit hashes for any number of input files. Although similar to other hashing programs like md5sum, it can also recursively traverse directory structures, use a variety of algorithms, and use files of known hashes to perform both positive and negative matching. Another program in the suite, hashdeep, can conduct a computer forensics audit. The programs run on Microsoft Windows, Mac OS X, Linux, FreeBSD, Solaris, and most other *nix operating systems. It has been included in the Fink and FreeBSD Ports projects.
Algorithms Supported
md5deep currently supports MD5, SHA-1, SHA-256, Tiger, and Whirlpool.
File Formats
The md5deep suite can handle a wide variety of input and output file formats. It can use md5sum, BSD md5, HashKeeper, iLook, and NSRL files as sources for known hashes. The suite does not support EnCase hash files.
The output for md5deep can be controlled using command line switches, but in general is the hash, two spaces, and the filename.
210ece36fffb77ff660b0280d7655a9c  /home/username/doc.txt
The -k switch can be used to add an asterisk before the filename, like md5sum:
210ece36fffb77ff660b0280d7655a9c */home/username/doc.txt
The line terminator can be changed to \0, the NUL character, using the -0 command line switch.
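
The three output variants described above can be parsed and checked against a set of known hashes as follows. This is an added example, not code from the md5deep project; the function names, the second hash and the /tmp filename are constructed for illustration, and it assumes MD5 (32 hex digit) output only.

```python
import re

# One md5deep record: 32 hex digits (MD5), then two spaces (default)
# or a space and an asterisk (-k), then the filename.
RECORD = re.compile(r"\A([0-9a-fA-F]{32}) ([ *])(.*)\Z", re.DOTALL)


def parse_md5deep(data: bytes, nul_terminated: bool = False):
    """Return a list of (hash, filename) pairs from md5deep output.

    nul_terminated=True expects records produced with the -0 switch.
    """
    sep = b"\0" if nul_terminated else b"\n"
    records = []
    for raw in data.split(sep):
        if not raw:
            continue  # trailing terminator leaves an empty final chunk
        text = raw.decode("utf-8", errors="surrogateescape")
        m = RECORD.match(text)
        if m is None:
            raise ValueError(f"not an md5deep record: {text!r}")
        records.append((m.group(1).lower(), m.group(3)))
    return records


def match_known(records, known_hashes):
    """Split records into (positive, negative) filename lists."""
    known = {h.lower() for h in known_hashes}
    positive = [name for h, name in records if h in known]
    negative = [name for h, name in records if h not in known]
    return positive, negative


# Constructed sample data; the first hash is the one shown on this page,
# the second hash and the /tmp filename are made up for the example.
H1 = "210ece36fffb77ff660b0280d7655a9c"
H2 = "0123456789abcdef0123456789abcdef"
DEFAULT_OUT = f"{H1}  /home/username/doc.txt\n".encode()
K_OUT = f"{H1} */home/username/doc.txt\n".encode()
# A filename containing a newline is only unambiguous with -0 output.
NUL_OUT = f"{H1}  /home/username/doc.txt\0{H2}  /tmp/odd\nname.bin\0".encode()

if __name__ == "__main__":
    recs = parse_md5deep(NUL_OUT, nul_terminated=True)
    print(match_known(recs, [H1]))
```

Parsing the same records with newline terminators raises ValueError on the embedded newline, which is the case the -0 switch avoids.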