Thursday, April 25, 2019

Ways to Hash a File


So, you have begun your incident response and for documentation purposes you need to 
document the hashes of files.  Or you have imaged some media, perhaps memory. And you 
want the hashes of the image files.

In this post, I will outline a few ways to do so with some tools native to windows and some 
non-native tools.

___________________________________________________________________________
1. PowerShell (Get-FileHash)

Get-FileHash

Get-FileHash [-Path] <string[]> [-Algorithm {SHA1 | SHA256 | SHA384 | SHA512 
|MACTripleDES | MD5 | RIPEMD160}]


*Note
-(-al) can be abbreviated for Algorithm
- semicolon (;) to conjoin commands


Example:





The above command is hashing "hash_this.txt" with a MD5 and SHA1 algorithm.









___________________________________________________________________________ 

      2.   Certutil(-hashfile)





The above command is hashing "hash_this.txt" in an MD5 format





Example:
Certutil -hashfile <FILENAME><HASH ALGORITHM>











___________________________________________________________________________

3. MD5deep and SHA1deep

In your Incident Response kit, it would be a potentially good idea to have a subset of tools for
hashing.  MD5 deep, hashdeep, and SHA1deep are some possible options for you to do so.

Link to Download of MD5 deep:























Example: md5deep64.exe <FILENAME>











*Note

There is also SHA1 deep, SHA256 deep, and a few other algorithm hashing exes from
the download link that works the same way as MD5 deep.





 ___________________________________________________________________________
4.  Hashing with MacOS and Linux

For MacOS:
Opening a terminal and using the command md5, shasum, or shasum -a 256 with the path to
the file will return a file hash.

Example:
md5 <FILEPATH>
md5 -r <FILEPATH>
openssl md5 <FILEPATH >


For Linux:
Opening a terminal and using the command md5sum, sha1sum, or sha256sum with the path to
the file will return a file hash.

Example
md5sum <FILEPATH>
sha1sum<FILEPATH>
sha256sum<FILEPATH>























___________________________________________________________________________



In conclusion, these are only a few ways to hash a file.  There are several more.  

There are also some 3rd party options, “HashTab” which adds a tab in the File’s Properties 
that details the hash.  

As well as “Hash Generator” and NitSoft’s “HashMyFiles” tool.  

And most forensics tools will include a hashing feature ability.  

But for an on the fly way, do remember that there are some command line methods to use at 
your helm. 



--Bryan






















No comments:

Post a Comment