The Hash Exporter extension plugin allows the forensics examiner to automate the process of creating a hash list of the files included in the image file. At Polito Inc., our forensic experts often rely on X-Ways Forensics to rapidly acquire and analyze digital computer evidence. Today Polito Inc. is pleased to announce that we are releasing the Hash Exporter extension for X-Ways.
Hash Exporter helps automate hash extraction and its completely command line based.
This is especially useful if we are processing a large number of images or need to perform a CPU intensive processing on faster hardware. X-Ways does not currently have a way to automate the creation of a unique file of hashes.
Sample Code:
D:\XWAYS>"c:\Program Files\X-Ways Forensics\xwb64.exe" "NewCase:D:\XWAYS\test" "AddImage:d:\XWAYS\testdisk.img" "XT:D:\XWAYS\XT_HashExporter.dll" RVS:~ autoIn the above command, we start a new case called "test" and add our image "testdisk.img", loading our extension "XT_HashExporter.dll". RVS stands for "Refine Volume Snapshot", which will hash the disc image for us while the DLL will write the hashes to a file. You can download the Hash Exporter extension from our Github page using the link below.
We got the idea for Hash Exporter from the X-Ways User Forum, as shown here:
If we can automate the exporting of hashes, we can easily update our windows hashsets after patch Tuesdays for all the versions of Windows.
Download Link: https://github.com/PolitoInc/X-Ways-HashExporter-Extension
If you think this extension is useful, let us know, and if you have ideas for new extensions please reach out to us at info@politoinc.com
Polito, Inc. offers a wide range of security consulting services including threat hunting, penetration testing, vulnerability assessments, incident response, digital forensics, and more. If your business or your clients have any cyber security needs, contact our experts and experience what Masterful Cyber Security is all about.
Phone: 571-969-7039
E-mail: info@politoinc.com
Website: politoinc.com