Embedded Files
Data Validation
Data Validation
Depending on the tool used you might need to validate the data afterwards. This is a multistep process:
Step 1: Calculate a hash value on the orginal drive.
Step 2: Calculate hash value of forensic image.
Step 3: Compare hash values. They should be identical!
What is hashing?
What is hashing?
Hashing condenses data into a fixed-length value, helping in detecting alterations or ensuring duplication accuracy. When downloading a file, comparing its hash value with the provided one verifies a successful download. Similarly, during forensic imaging, matching hash values between the original drive and the image confirm an accurate bit-for-bit copy.
Below I have provided demos of using various hashing algorithms in both Kali Linux and Microsoft Windows. I also show a GUI utility called Quickhash-GUI that can run in Windows, MacOS or Linux.
md5 Linux
md5 Linux
Linux: use the md5sum command
MD5 Windows
MD5 Windows
Windows PowerShell: Use Get-FileHash command and make sure you use the -Algorithm flag to specify the hashing algorithm you wish to use.
SHA1 Linux
SHA1 Linux
Linux: use the sha1sum command
SHA1 Windows
SHA1 Windows
Windows PowerShell: Use Get-FileHash command and make sure you use the -Algorithm flag to specify the hashing algorithm you wish to use.
SHA256 Linux
SHA256 Linux
Linux: use the sha256sum command
Sha256 Windows
Sha256 Windows
Windows PowerShell: Use Get-FileHash command and make sure you use the -Algorithm flag to specify the hashing algorithm you wish to use.
SHA512 Linux
SHA512 Linux
Linux: use the sha512sum command
SHA512 Windows
SHA512 Windows
Windows PowerShell: Use Get-FileHash command and make sure you use the -Algorithm flag to specify the hashing algorithm you wish to use.
Google Sites
Report abuse