Please select a template

EnCase App Central

Extend the power of EnCase. Access, download and install software apps built by expert EnScript developers that help you get down to business – faster.

Become a Developer

Generate ED2K Hash Values

This EnScript will generate ED2K hash values for the purpose of comparing them to some known bad files based on those ED2K hash values.

ED2K (eDonkey 2000) hash values are documented here and are essentially MD4 hash values. If the file is larger than 9,728,000 bytes, then it is a MD4 of a hash list, with each chunk being hashed with MD4, then all the hash values of all the chunks are concatenated and then a hash is generated from that concatenated string.

This EnScript will generate the ED2K hash values for all files that are tagged with the "ED2K" label OR if no files are tagged with that label, the EnScript will hash all the file, excluding unallocated clusters and any internal file system files ($MFT, $Logfile, etc). When run, then EnScript will display a brief information page explaining the two options (tagging or all files).

This EnScript also has an auto update check function that check this blog for the latest version and it will notify you if there is a new release. If you do not have an Internet connection, the auto-check will timeout and the EnScript will function normally. All the ED2K hash values are written to the console with two fields; ED2k hash value [tab] Full Path. You can then copy this data into whatever format you wish (Excel). Since EnCase does not expose an MD4 hashing method to EnScript, this EnScript replies upon a DLL that I wrote that contains the ED2K hashing routine/logic (included in the zip). Simply unzip the archive file and place the EnScript (EnPack) and the DLL in the EnScript folder and then you can run from within EnCase.

http://www.forensickb.com Customized EnCase EnScript development (v6 & v7) Customized Forensic Automation / Workflow Efficiency

Download Now



Version: 1
Tested with:
EnCase Forensic 7.08
Developer: Lance Mueller
Category: General

6737 DOWNLOADS

YOU MAY ALSO LIKE

General

EnScript Finder

This helpful EnScript lets you search all your downloaded EnScripts and either launch them or open the folder where they were found.
By Guidance Software
9934 Downloads
App
General

MFT Date Comparator

This script is designed to identify potentially suspect files by analyzing timestamp differences in the NTFS MFT standard information and filename attributes of each file.
By Simon Key
7091 Downloads
App
General

What's New In App Central

This EnScript will find any new or updated EnScripts at EnCase App Central.
By Guidance Software
6603 Downloads
App
General

Old School Search Hit Viewer

The Old School Search Hit Viewer will display search hits in a table; the hits are highlighted with a user-specified amount of context visible around the search hit.
By Kimberly Stone
4785 Downloads
App