I would like to start building some decent "notable" hash sets for use in my investigations, but have not found a decent Win32 utility for creating, organizing, and manipulating hash sets. The method I've used in the past is too cumbersome for serious work, which includes the manual creation of .hsh and .hke files in HashKeeper format. HSH file includes: file id hashset_id Filename Directory Hash File size Date modified Time modified Time zone Comments Date accessed Time accessed HKE file includes: hashset id name vendor package version authenticated flag notable flag initials number of files Description Date loaded Based on the number of hashes that HashKeeper and NSRL have compiled, I'm assuming they must have a better way to work with hash sets than manually creating and editing these .HSH and .HKE files. Since I want to share my notable hash sets, I will probably make good use of most (if not all) of the fields provided above so that my hashes are useful. Any advice is greatly appreciated! Mark G. Spencer Computer Forensics Examiner EvidentData, Inc. Phone: 909.948.7714 Direct Fax: 508.256.0463 Office Fax: 909.948.4365 Web: http://www.evidentdata.com ----------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Thu Jul 24 2003 - 05:24:08 PDT