Hash Sets
FEX hash sets are sourced from hashsets.com and are available to Forensic Explorer customers with current software maintenance.
Hash sets are placed in the “\user\Documents\Forensic Explorer\HashSets\” folder. Compatible Hash Set formats are:
- Forensic Explorer.edb3
- EnCase.hash (EnCase 6,7,8)
- NSRL v2, v3
- Plain Text
- ProjectVic
Good
| Source: File Name: Modified: Size: Download: Use: |
HashSets.com Encase_6_or_7_or_8_MD5_only_Whitehash.zip 2020-07-25 07:51 681M Contact support@getdata.com All Known-Good/Non-Threatening hash values in one file. These hash values can be utilized to assist in the elimination of non-threatening files during computer forensic and computer security examinations (Computer Compromises, Network Intrusions, eDiscovery, Malware Analysis, etc). |
Bad
| Source: File Name: Modified: Size: Download: Use: |
HashSets.com Encase_6_7_or_8_Black_or_Gray_HashSets.zip 2018-12-10 13:52 9.9 Mb Contact support@getdata.com ‘Notable’, ‘Suspicious’ or ‘Significant’ hash values involving possibly malicious and/or unwanted software and utilities including: – SQL Injection Tools, Packers, Brute forcing – Flooders, Denial of Service (DoS) – Defacers, Cracking, Rippers – Recon, Killers, All in One (AIO) Tools – Credit Card Generators, Key Generators, Sniffers – Password Gathering, Nukers, Network Testing – File Sharing artifacts from Peer-to-Peer (P2P) sites – Red-herring (files annotated or described with a particular non-threatening name but actually designed or coded for nefarious purposes) – Carrier Pigeon Archives (compressed files such as ZIP, RAR, GZIP, CAB, etc, that were identified in transporting any significant, notable or alert files). |
Operating Systems
| Source: File Name: Modified: Size: Download: se: |
HashSets.com Operating_Systems_Encase_6_or_7_or_8_using_MD5_only.zip 2020-07-25 08:55 404 Mb Contact support@getdata.com Operating System Hash Sets: MS Windows, Linux, macOS, BSD and Solaris These hash values can be utilized to assist in the elimination of non-threatening files during computer forensic and computer security examinations (Computer Compromises, Network Intrusions, eDiscovery, Malware Analysis, etc). |
Applications and Drivers
| Source: File Name: Modified: Size: Download: Use: |
HashSets.com Encase_6_or_7_or_8_Applications_and_Drivers.zip 2020-03-18 21:56 175 Mb Contact support@getdata.com These hash values can be utilized to assist in the elimination of applications and drivers from a case. |
MAC Applications
| Source: File Name: Modified: Size: Download: Use: |
HashSets.com Encase_MD5_Mac_App_Store.hash 2017-11-17 10:56 27 Mb Contact support@getdata.com OS X Mac Applications (Known Good/Non-Threatening). The attached zip file contains hash values derived from Mac OS X Applications commonly found within the Mac App Store. Specifically, more than 2,000 common Utilities, Finance, Travel, Graphics & Design, Games, Business and Education apps which were subsequently installed, analyzed and then gathered into MD5, SHA-1 and SHA-256 hash sets.These hash values can be utilized to assist in the elimination of non-threatening files during computer forensic and computer security examinations (Computer Compromises, Network Intrusions, eDiscovery, Malware Analysis, etc). |
US Government
| Source: File Name: Modified: Size: Download: Use: |
HashSets.com Encase_MD5_US_Goverment.hash 2016-09-05 07:59 17 Mb Contact support@getdata.com The attached hash set contains more than 963,490 common non-threatening known hash values consisting of US Government (federal, state, local and military) publicly accessible website images, logos, multimedia files, office documents (.doc, .pdf, .xls, .ppt, etc).These hash values can be utilized to assist in the elimination of non-threatening files during computer forensic and computer security examinations (Computer Compromises, Network Intrusions, eDiscovery, Malware Analysis, etc). |