Decent Win32 utility for hash set creation, organization, and manipulation?

From: Mark G. Spencer <mspencer(at)evidentdata.com>
Date: Wed Jul 23 2003 - 17:05:43 EDT

I would like to start building some decent "notable" hash sets for use in my investigations, but have not found a decent Win32 utility for creating, organizing, and manipulating hash sets.

The method I've used in the past is too cumbersome for serious work, which includes the manual creation of .hsh and .hke files in HashKeeper format.

HSH file includes:

file id
hashset_id
Filename
Directory
Hash
File size
Date modified
Time modified
Time zone
Comments
Date accessed
Time accessed

HKE file includes:

hashset id
name
vendor
package
version
authenticated flag
notable flag
initials
number of files
Description
Date loaded

Based on the number of hashes that HashKeeper and NSRL have compiled, I'm assuming they must have a better way to work with hash sets than manually creating and editing these .HSH and .HKE files.

Since I want to share my notable hash sets, I will probably make good use of most (if not all) of the fields provided above so that my hashes are useful.

Any advice is greatly appreciated!

Mark G. Spencer
Computer Forensics Examiner
EvidentData, Inc.
Phone: 909.948.7714

Direct Fax: 508.256.0463
Office Fax: 909.948.4365
Web: 
http://www.evidentdata.com   


-----------------------------------------------------------------

This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com Received on Thu Jul 24 08:48:46 2003