Wednesday, December 15, 2010

EnCase EnScript to merge two hash sets (.hash) into one hash set

Okay, so you can probably tell by the last several posts I am doing a lot of work with hash sets right now. Following up on my previous posts, I had some hash sets from various servers that were created individually, but I later wanted to merge them together. I had written an EnScript to do this a few years ago, but quite honestly I have not used it lately and I noticed that there is a new HashMergeClass in EnCase, so I figured I would try it out.

The good part about the built-in HashMergeClass is that it's faster than doing it all manually with an EnScript, and it does the binary sorting/de-duping automagically. Anyways, here is a quick EnScript that will prompt for two *.hash files and then merge them together into one .hash file. The resulting merged file is placed into the root of your Hash Set root folder, and its filename is built from the names of the two individual .hash files. For example, if you have two hash sets named:

"Windows XP" and
"Windows 7"

The resulting merged file will be named:

"MERGED_Windows XP_Windows 7.hash".

Download Here


Anonymous Tuesday, 18 January, 2011  

Thank you, just saved me a major headache of getting EnCase to recognise five different hash sets for varying levels for one case. This allowed me to pull them all into one and hash the items (well, it's running now so hopefully it will work).

Anonymous Tuesday, 05 April, 2011  

Hi Lance,
A belated thanks for making these scripts available, but for this one is there any way to make it so that it will merge numerous hash sets from a specified folder?

