In July, I posted an EnScript that I wrote to import a text file containing the name, size and hash value of file(s) into a EnCase hash set (You can read it here).
I have modified the EnScript to import a simple text file containing just hash values. This was based on a request by a reader and it was a simple chage to make. This new version now imports a simple ASCII text file containing one hash value per line:
937D87886E076C3A9DFC41AF47430E40
AB9A6395505AB2912FA4C6D7927CF359
8D7CDC05145498CC65585171C0084378
F248F38E1A22C94D52E8277AFC89FD90
AF64E5AE9080B01B61344B7C7AF9C972
633395C2507E03AFB2F7DCF34B2B8831
D41D8CD98F00B204E9800998ECF8427E
AB9A6395505AB2912FA4C6D7927CF359
254D506F104A52486B005F9B2C2D3C37
7D1844587162237957143B353679EFF6
The EnScript will create a .hash file in your default export folder that can then be copied into your EnCase\Hash Sets\ folder and used inside EnCase.
Download Here (v5 & v6)
Thursday, August 16, 2007
Subscribe to:
Post Comments (Atom)
2 comments:
Lance,
Thanks! This is awesome.
-John
Lance, I just want to say thanks for making this available. I've been slogging my way through manual creation of Hashkeeper sets for years as a way to get external hashes into EnCase, and that approach is an exercise in tedium.
Your EnScript is EXACTLY what I've needed on many occasions, when clients have provided me with lists of filenames and hashes, without providing the actual files.
Thanks!
Jerry Hatchett
Evidence Technology
Houston, TX
Post a Comment