Forensic Tools

HashMyFiles

Description

HashMyFiles is a windows application that allows the user to import files and generate different file hashes, including: MD5, SHA1, CRC32, SHA-256, SHA512, SHA-384.

When working on any type of forensics case, it is best practice to hash the files upon receiving them. This hashing will provide a base point for each files. If the files are changed at any time point in time they can be rehashed and compared to the original hash. If the hashes are equivalent, the files have not be modified. If the hashes are different, the files have been modified.

Review

The tool only makes basic hashes and includes limited functionality. It is great for generating hashes but little else.

Pros:

Using a tool such as HashMyFiles generates more than one kind of hash. Although rare, it is possible to have a hash collision (the contents have been modified but generates the same hash). This program uses several algorithms when hashing to ensure there are no collisions.

The program is very straightforward and easy to use. The user is able to import files by using the included import options or dragging the files into the program

The program included the option to export the list of hashes as either a TXT or .html file. These files can be saved in order to be compared to later

Cons:

The output files are not very useful for anything other than looking at. They are either text or html. It should have included a file format that could have been parsed, such as csv.

The program could be greatly improved by including the ability to compare hashes from a previous time period to identify if there are changes.

Usage

The following is an example on how the use the basic functionality of the program.

Before analyzing my iphone backup data, I wanted to hash the individual files to ensure the files were not modified in any manner.