Monday, August 18, 2014

EnCase v7 EnScript to find files based on MD5 hash values

I had written a version of this years ago for EnCase v6 and I was recently asked to update it for EnCase v7.

One EnScript listed below will generate a text files of SELECTED files. That text file can then be used on subsequent cases to help find/identify files with the same hash value.

To use, you do not need to generate hash values, the EnScript will do it automatically. The second EnScript is also optimized to first match file sizes first before generating/comparing hash values to help reduce the time needed for the comparison, thus saving the need to hash everything in the case and then using a filter to identify files that match a particular hash set.

Any files found that match the size/hash value in the specified text file are bookmarked for later review/export.

Download v7 EnScript to create text file with name, size & hash for later comparison
Download v7 EnScript to do comparison 

Computer Forensics, Malware Analysis & Digital Investigations

Random Articles