Skip to main content

Hash Sets

FEX hash sets are sourced from hashsets.com and are available to Forensic Explorer customers with current software maintenance.

Hash sets are placed in the “\user\Documents\Forensic Explorer\HashSets\” folder. Compatible Hash Set formats are:

  • Forensic Explorer.edb3
  • EnCase.hash (EnCase 6,7,8)
  • Plain Text
  • ProjectVic


Good

Source:
File Name:
Modified:
Size:
Download:
Use:
HashSets.com
Encase_6_or_7_or_8_MD5_only_Whitehash.zip
2020-07-25 07:51
681M
Contact support@getdata.com
All Known-Good/Non-Threatening hash values in one file.
These hash values can be utilized to assist in the elimination of non-threatening files during computer forensic and computer security examinations (Computer Compromises, Network Intrusions, eDiscovery, Malware Analysis, etc).


Bad

Source:
File Name:
Modified:
Size:
Download:
Use:
HashSets.com
Encase_6_7_or_8_Black_or_Gray_HashSets.zip
2018-12-10 13:52
9.9 Mb
Contact support@getdata.com
‘Notable’, ‘Suspicious’ or ‘Significant’ hash values involving possibly malicious and/or unwanted software and utilities including:
– SQL Injection Tools, Packers, Brute forcing
– Flooders, Denial of Service (DoS)
– Defacers, Cracking, Rippers
– Recon, Killers, All in One (AIO) Tools
– Credit Card Generators, Key Generators, Sniffers
– Password Gathering, Nukers, Network Testing
– File Sharing artifacts from Peer-to-Peer (P2P) sites
– Red-herring (files annotated or described with a particular non-threatening name but actually designed or coded for nefarious purposes)
– Carrier Pigeon Archives (compressed files such as ZIP, RAR, GZIP, CAB, etc, that were identified in transporting any significant, notable or alert files).


Operating Systems

Source:
File Name:
Modified:
Size:
Download:
se:
HashSets.com
Operating_Systems_Encase_6_or_7_or_8_using_MD5_only.zip
2020-07-25 08:55
404 Mb
Contact support@getdata.com
Operating System Hash Sets: MS Windows, Linux, macOS, BSD and Solaris
These hash values can be utilized to assist in the elimination of non-threatening files during computer forensic and computer security examinations (Computer Compromises, Network Intrusions, eDiscovery, Malware Analysis, etc).


Applications and Drivers

Source:
File Name:
Modified:
Size:
Download:
Use:
HashSets.com
Encase_6_or_7_or_8_Applications_and_Drivers.zip
2020-03-18 21:56
175 Mb
Contact support@getdata.com
These hash values can be utilized to assist in the elimination of applications and drivers from a case.


MAC Applications

Source:
File Name:
Modified:
Size:
Download:
Use:
HashSets.com
Encase_MD5_Mac_App_Store.hash
2017-11-17 10:56
27 Mb
Contact support@getdata.com
OS X Mac Applications (Known Good/Non-Threatening).
The attached zip file contains hash values derived from Mac OS X Applications commonly found within the Mac App Store. Specifically, more than 2,000 common Utilities, Finance, Travel, Graphics & Design, Games, Business and Education apps which were subsequently installed, analyzed and then gathered into MD5, SHA-1 and SHA-256 hash sets.These hash values can be utilized to assist in the elimination of non-threatening files during computer forensic and computer security examinations (Computer Compromises, Network Intrusions, eDiscovery, Malware Analysis, etc).


US Government

Source:
File Name:
Modified:
Size:
Download:
Use:
HashSets.com
Encase_MD5_US_Goverment.hash
2016-09-05 07:59
17 Mb
Contact support@getdata.com
The attached hash set contains more than 963,490 common non-threatening known hash values consisting of US Government (federal, state, local and military) publicly accessible website images, logos, multimedia files, office documents (.doc, .pdf, .xls, .ppt, etc).These hash values can be utilized to assist in the elimination of non-threatening files during computer forensic and computer security examinations (Computer Compromises, Network Intrusions, eDiscovery, Malware Analysis, etc).