The ability to hash files and to easily compare file hashes is a necessary capability when conducting Forensics.  There are a wide variety of tools out there that accomplish this, but unfortunately most are for Windows.  Even when you can find a tool, generally those tools fall flat.  One of the better tools I have encountered is called md5deep/hashdeep.  This brief tutorial and exercise will show you how to obtain the tool, links telling you how to install it, and a quick demo of basic capabilities.

Follow along with the demo and commands.  Either use the prepackaged folder of pics I provided you, or create your own.

cat_evidence.zip(14.26 MB) marcbudofsky, Mar 17 2013, 9:42 PM

Everything you need is here: http://md5deep.sourceforge.net/


You must Sign-In to post a comment.