Hash Sets

FEX hash sets are sourced from hashsets.com and are available to Forensic Explorer customers with current software maintenance.

Hash sets are placed in the “\user\Documents\Forensic Explorer\HashSets\” folder. Compatible Hash Set formats are:

  • Forensic Explorer .edb3
  • EnCase .hash (EnCase 6, 7, 8)
  • Plain Text
  • ProjectVic

Good Hash

Source:

HashSets.com

File Name:

Encase_6_or_7_or_8_MD5_only_Whitehash.zip

Modified/Size:

2020-07-25 07:51 681M

Download:

Contact support@getdata.com

About:

All Known-Good/Non-Threatening hash values in one file.

Use:

These hash values can be utilized to assist in the elimination of non-threatening files during computer forensic and computer security examinations (Computer Compromises, Network Intrusions, eDiscovery, Malware Analysis, etc).

Bad Hash

Source:

HashSets.com

File Name:

Encase_6_7_or_8_Black_or_Gray_HashSets.zip

Last Modified:

2018-12-10 13:52

Size:

9.9 Mb

Download:

Contact support@getdata.com

About:

‘Notable’, ‘Suspicious’ or ‘Significant’ hash values involving possibly malicious and/or unwanted software and utilities including:
– SQL Injection Tools, Packers, Brute forcing
– Flooders, Denial of Service (DoS)
– Defacers, Cracking, Rippers
– Recon, Killers, All in One (AIO) Tools
– Credit Card Generators, Key Generators, Sniffers
– Password Gathering, Nukers, Network Testing
– File Sharing artifacts from Peer-to-Peer (P2P) sites
– Red-herring (files annotated or described with a particular non-threatening name but actually designed or coded for nefarious purposes)
– Carrier Pigeon Archives (compressed files such as ZIP, RAR, GZIP, CAB, etc., that were identified as transporting any significant, notable or alert files).

Use:

These provided hash values can be utilized to assist in the identification of possibly threatening files during computer forensic and computer security examinations (Computer Compromises, Network Intrusions, Malware Analysis, etc).

Operating Systems

Source:

HashSets.com

File Name:

Operating_Systems_Encase_6_or_7_or_8_using_MD5_only.zip

Modified/Size:

2020-07-25 08:55 404M

Download:

Contact support@getdata.com

About:

Operating System Hash Sets: MS Windows, Linux, macOS, BSD and Solaris

Use:

These hash values can be utilized to assist in the elimination of non-threatening files during computer forensic and computer security examinations (Computer Compromises, Network Intrusions, eDiscovery, Malware Analysis, etc).

Applications and Drivers

Source:

HashSets.com

File Name:

Encase_6_or_7_or_8_Applications_and_Drivers.zip

Modified/Size:

2020-03-18 21:56 175M

Download:

Contact support@getdata.com

About:

N/A

Use:

These hash values can be utilized to assist in the elimination of applications and drivers from a case.

Duplicates Removed:

Yes

Mac Applications

Source:

HashSets.com

File Name:

Encase_MD5_Mac_App_Store.hash

Last Modified:

2017-11-17 10:56

Size:

27 Mb

Download:

Contact support@getdata.com

About:

OS X Mac Applications (Known Good/Non-Threatening).
The attached zip file contains hash values derived from Mac OS X applications commonly found within the Mac App Store. Specifically, more than 2,000 common Utilities, Finance, Travel, Graphics & Design, Games, Business and Education apps were installed, analyzed and then gathered into MD5, SHA-1 and SHA-256 hash sets.

Use:

These hash values can be utilized to assist in the elimination of non-threatening files during computer forensic and computer security examinations (Computer Compromises, Network Intrusions, eDiscovery, Malware Analysis, etc).

US Government

Source:

HashSets.com

File Name:

Encase_MD5_US_Goverment.hash

Last Modified:

2016-09-05 07:59

Size:

17 Mb

Download:

Contact support@getdata.com

About:

The attached hash set contains more than 963,490 common non-threatening known hash values consisting of US Government (federal, state, local and military) publicly accessible website images, logos, multimedia files and office documents (.doc, .pdf, .xls, .ppt, etc.).

Use:

These hash values can be utilized to assist in the elimination of non-threatening files during computer forensic and computer security examinations (Computer Compromises, Network Intrusions, eDiscovery, Malware Analysis, etc).