Computer Forensics Tools & Techniques Catalog

Forensic Tool Functionalities

Forensic Functionality:	Hash Analysis
Description:	No description available.
Technical Parameters:	Tool host OS / runtime environment	Hash computation	Supported hash algorithms	Create and manage hashsets	Hash search- use of hashes or hash sets to identify files/objects of interest	Hash elimination- use of hash sets to filter out files/objects (e.g., "known good" or "known benign" files)	Hash de-duplication- use of hashes to eliminate identical files/objects
	N/A	N/A	N/A	N/A	N/A	N/A	N/A
	Windows	Hash files	MD5	Support for creating and managing hashsets	Search by hash supported	Tool support for hash elimination	Tool support for hash de-duplication
	Mac	Hash archive file contents	SHA1	Hashset management and creation not supported	Search by hash unsupported	Hash elimination unsupported	Hash de-duplication unsupported
	Linux	Hash e-mails	SHA2-256
		Hash media (e.g., hard drive, thumb drive, partition)	SHA2-512
		Hashing not supported	SHA3-256
			SHA3-512
			fuzzy hashing - ssdeep
			fuzzy hashing - PhotoDNA
			fuzzy hashing - other