EnCase EnScript to hash selected files and provide SHA1_Base16 & SHA1_Base32 values
A fellow examiner asked for an EnScript that provides the base32 SHA1 hash value for selected files. This EnScript generates the common base16 SHA1 hash value for selected files. In addition, it converts the base16 SHA1 hash value to a base32 SHA1 value for use in limewire investigations.
To use, just select the files you want the SHA1 values for and then run the EnScript. The output is in the console tab.
Download here
4 comments:
Thanks so much for sharing this!
-Ian
Maybe you can help!! i am working on a case where I have a series of SHA1_Base16 message digests and I need to convert them to SHA1_Base32. I do not have the orignal files only the Base16 (Hex)SHA1's. ANY idea how one converts them, I am not sure if you need orignal file to generate or if they could be made from one to another (I believe they can). Could you point me in the correct direction??? I prefer a pearl or any linux script if possible...Thanks!!
I can certainly try and help you. Please contact me via email: lance(at)forensickb.com. Preferably send me a small sampling of the base16 sha hashes that you want to convert to base32, in the format you have them in. Don't paste them in an email, send me the file or a small portion of the file.
Hi Lance!!
Nice little script :-)
Sugestion for improvement:
Add various hashvalues that the script can use - eg sha1_base32, sha1_base64, TTH, MD4, eD2K etc
Make chek boxes to choose what values to calculate, and make the output in tab delimited format - this way it can be used in eg. Access or Excell
Just a thought :-)
Regards
Søren C, Denmark
Post a Comment