Hash Sets
FEX hash sets are sourced from hashsets.com and are available to Forensic Explorer customers with current software maintenance.
Hash sets are placed in the “\user\Documents\Forensic Explorer\HashSets\” folder. Compatible Hash Set formats are:
- Forensic Explorer.edb3
- EnCase.hash (EnCase 6,7,8)
- Plain Text
- ProjectVic
Good Hash
Source: |
HashSets.com |
File Name: |
Encase_6_or_7_or_8_MD5_only_Whitehash.zip |
Modified/Size: |
2020-07-25 07:51 681M |
Download: |
Contact support@getdata.com |
About: |
All Known-Good/Non-Threatening hash values in one file. |
Use: |
These hash values can be utilized to assist in the elimination of non-threatening files during computer forensic and computer security examinations (Computer Compromises, Network Intrusions, eDiscovery, Malware Analysis, etc). |
Bad Hash
Source: |
HashSets.com |
File Name: |
Encase_6_7_or_8_Black_or_Gray_HashSets.zip |
Last Modified: |
2018-12-10 13:52 |
Size: |
9.9 Mb |
Download: |
Contact support@getdata.com |
About: |
‘Notable’, ‘Suspicious’ or ‘Significant’ hash values involving possibly malicious and/or unwanted software and utilities including: – SQL Injection Tools, Packers, Brute forcing – Flooders, Denial of Service (DoS) – Defacers, Cracking, Rippers – Recon, Killers, All in One (AIO) Tools – Credit Card Generators, Key Generators, Sniffers – Password Gathering, Nukers, Network Testing – File Sharing artifacts from Peer-to-Peer (P2P) sites – Red-herring (files annotated or described with a particular non-threatening name but actually designed or coded for nefarious purposes) – Carrier Pigeon Archives (compressed files such as ZIP, RAR, GZIP, CAB, etc, that were identified in transporting any significant, notable or alert files). |
Use: |
These provided hash values can be utilized to assist in the identification of possibly threatening files during computer forensic and computer security examinations (Computer Compromises, Network Intrusions, Malware Analysis, etc). |
Operating Systems
Source: |
HashSets.com |
File Name: |
Operating_Systems_Encase_6_or_7_or_8_using_MD5_only.zip |
Modified/Size: |
2020-07-25 08:55 404M |
Download: |
Contact support@getdata.com |
About: |
Operating System Hash Sets: MS Windows, Linux, macOS, BSD and Solaris |
Use: |
These hash values can be utilized to assist in the elimination of non-threatening files during computer forensic and computer security examinations (Computer Compromises, Network Intrusions, eDiscovery, Malware Analysis, etc). |
Applications and Drivers
Source: |
HashSets.com |
File Name: |
Encase_6_or_7_or_8_Applications_and_Drivers.zip |
Last Modified: |
2020-03-18 21:56 175M |
Download: |
Contact support@getdata.com |
About: |
N/A |
Use: |
These hash values can be utilized to assist in the elimination of applications and drivers from a case. |
Duplicates Removed: |
Yes |
MAC Applications
Source: |
HashSets.com |
File Name: |
Encase_MD5_Mac_App_Store.hash |
Last Modified: |
2017-11-17 10:56 |
Size: |
27 Mb |
Download: |
Contact support@getdata.com |
About: |
OS X Mac Applications (Known Good/Non-Threatening). The attached zip file contains hash values derived from Mac OS X Applications commonly found within the Mac App Store. Specifically, more than 2,000 common Utilities, Finance, Travel, Graphics & Design, Games, Business and Education apps which were subsequently installed, analyzed and then gathered into MD5, SHA-1 and SHA-256 hash sets. |
Use: |
These hash values can be utilized to assist in the elimination of non-threatening files during computer forensic and computer security examinations (Computer Compromises, Network Intrusions, eDiscovery, Malware Analysis, etc). |
US Government
Source: |
HashSets.com |
File Name: |
Encase_MD5_US_Goverment.hash |
Last Modified: |
2016-09-05 07:59 |
Size: |
17 Mb |
Download: |
Contact support@getdata.com |
About: |
The attached hash set contains more than 963,490 common non-threatening known hash values consisting of US Government (federal, state, local and military) publicly accessible website images, logos, multimedia files, office documents (.doc, .pdf, .xls, .ppt, etc). |
Use: |
These hash values can be utilized to assist in the elimination of non-threatening files during computer forensic and computer security examinations (Computer Compromises, Network Intrusions, eDiscovery, Malware Analysis, etc). |