Monday, August 08, 2005

Using md5deep

Thank you to Harlan Carvey for reminding me of Jesse Kornblum's md5deep. md5deep is a suite of tools to recursively compute a variety of hashes. It is not limited to the MD5 algorithm. In the example below I run the sha256deep tool to provide sha256 hashes of various files. The -r flag initializes recursive behavior, and -z says display file size before the hash.

bourque:/home/analyst$ sha256deep -r -e -z *

93506 1a6da6a2a849eb27fb7522939afab63ec59bcdb9412c2460fe611543b573d95f
/home/analyst/2005-041-santini_air/sample

111 43450978e07f87dfbc4918fec928209c54f4d5804367960fbde617e71ee50985
/home/analyst/2005-041-santini_air/sample.sha256

209.180.018.089.02001-156.023...: 391MB of 1405MB done, 00:01:22 left

The last entry shows sha256deep is busy computing the hash for a 1405 MB file. By passing the -e flag, I told the program to estimate time until hash completion. This is useful for processing large files. The resulting hash is eventually shown below.

1473577526 3f4eb24ae943dba4bdb1126540d309854824ac64ff6f288020c9c2bdc4793de9
/home/analyst/2005-041-santini_air/209.180.018.089.02001-156.023.170.238.02001

md5deep and related tools simplify maintaining forensic evidence as the program can rapidly produce hashes in an investigator-friendly format. There's also a FreeBSD port. For forensic applications, you would save the hashes to a file instead of standard output.
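Once the hashes are saved to a file, that file can be used later to re-check the evidence. The Python sketch below is an added example, not part of the original post or of md5deep: it assumes each saved record is a single line of the form size, hash, path (the -z layout shown above), and it runs against constructed files in a temporary directory.

```python
import hashlib
import os
import tempfile

def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so large captures do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def parse_manifest(text):
    """Yield (size, hash, path) from lines shaped like: <size> <sha256> <path>."""
    for line in filter(str.strip, text.splitlines()):
        size, digest, path = line.split(None, 2)  # path may contain spaces
        if len(digest) != 64 or not size.isdigit():
            raise ValueError(f"malformed manifest line: {line!r}")
        yield int(size), digest.lower(), path

def verify(manifest_text):
    """Return {path: status}: ok, missing, size-mismatch or hash-mismatch."""
    results = {}
    for size, digest, path in parse_manifest(manifest_text):
        if not os.path.isfile(path):
            results[path] = "missing"
        elif os.path.getsize(path) != size:
            results[path] = "size-mismatch"  # cheap check before hashing
        elif sha256_file(path) != digest:
            results[path] = "hash-mismatch"
        else:
            results[path] = "ok"
    return results

def demo():
    """Create constructed evidence files, record a manifest, tamper, re-verify."""
    d = tempfile.mkdtemp()
    a, b = os.path.join(d, "sample"), os.path.join(d, "capture with space.lpc")
    for p, data in ((a, b"constructed evidence A"), (b, b"constructed evidence B")):
        with open(p, "wb") as f:
            f.write(data)
    manifest = "".join(f"{os.path.getsize(p):>10}  {sha256_file(p)}  {p}\n" for p in (a, b))
    before = verify(manifest)
    with open(b, "r+b") as f:  # overwrite one byte; the length stays the same
        f.write(b"C")
    return before, verify(manifest), a, b

if __name__ == "__main__":
    print(demo())
```

Because the tampered file keeps its original length, only the hash comparison catches the change; the size check is just a fast first filter.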

2 comments:

Anonymous said...

If interested, wininterrogate http://winfingerprint.sourceforge.net can do something similar to md5deep. It only supports MD5 and SHA-1 currently but can also provide some extra information that is useful. Win32 platform only.

Anonymous said...

I maintain a list of MD5 hashes for malicious or suspect files that I come across in my work. To use such a list as a comparison source be sure to have exactly two spaces between the hash and the filename. Otherwise md5deep won't work properly.