Computer Forensics and Data Analysis
Software Training Services  

Maresware Programs G through K

Includes: Hash / HK_Hash / Hash_CD / Hashcmp / Hash_dup / Kiting

Files A-C  |  Files D-F  |  Files G-K  |  Files L-O  |  Files P-S  |  Files T-Z  |

All programs are command line programs.
MUST be run within a command window as administrator.

Reminder: the software is now free and (generally) UNSUPPORTED.

Hash
Calculate the CRC, MD5, SHA1, or SHA2 hash of a file

Be sure to check the help file for additional information about this program.

HASH_LINES new as of June 24, 2013, a program to hash individual lines of a text file.

Also of interest is the file HASH FAQS, which provides information on the hashing algorithms and on methods of using the programs. The article Data Integrity describes and shows how the Maresware hash programs can be used to validate data and file integrity.

Hash is designed to calculate a 32 bit CRC, 128 bit MD5 hash, 160 bit Secure Hash Algorithm (SHA1) hash, or SHA2 (256, 384 or 512 bit) hash of a file.

Its default produces an excellent fixed length output which can be imported into a database for analysis. In addition, its default output is a catalog of files.

The 32 bit versions provide access to the 3 file date/times of NT and WIN9x. They also process Multiple Data Streams on NTFS.

The 16 bit version has been modified so that it does not alter the last access date when run under a DOS boot.

The program will calculate the hash value for:

  • a single file
  • files (i.e., *.exe) in an entire directory
  • files in an entire path (i.e., c:\program files)
  • files on an entire logical drive. (i.e., c:\)
  • multiple drives at once (i.e., c:\  d:\  e:\).

Hash values of files are commonly used to verify the state of a file at a certain time. Matching hash values indicate that the files are identical. Different hash values mean the files have differences. These similarities or differences have applications in forensic verification, virus detection, file authenticity and other areas.

Users of HashKeeper data sets might be interested in the batch files at the FTP site.

This program is available for Linux (Intel) as part of Maresware: Linux Forensics and also for some SUN platforms.

 |  Get the 16 bit .exe  |  GET the 32 bit .exe  |  GET the 64 bit .exe  | 
View the html help file.  | 
GET a zip file containing: 32 bit .exe, with sample files and a sample batch run  | 
 |  Get hash_lines .exe, which will hash each text line.  | 

HK_Hash
Calculate the MD5 hash of a file and create a HashKeeper compatible output

Be sure to check the hk_hash help file for additional information about this program.

HK_Hash is a smaller version of Hash which is specially designed to calculate the 128 bit MD5 hash of one or more files and create a comma delimited output that is compatible with the HashKeeper requirements for a file which is to be loaded/imported into the HashKeeper database.

Its default produces a comma delimited record with the fields required by HashKeeper. The fields contain enough information to satisfy most users' hashing needs. However, because it was designed specifically to work with HashKeeper, the options available for refining its output and selecting the files which are found have been limited. This means you can't apply size or date/time restrictions as you can with Hash, and many other file selection options are not available.

The program will calculate the hash value for:

  • a single file
  • files (i.e., *.exe) in an entire directory
  • files in an entire path (i.e., c:\program files)
  • files on an entire logical drive. (i.e., c:\)
  • multiple drives at once (i.e., c:\  d:\  e:\).
 |  GET the 32 bit .exe  | 
 |  View the html help file.  | 

Hashcmp
Display differences in 2 Hash output files

Be sure to check the help file for additional information about this program.

Hashcmp can be used to compare the contents, line by line, of two files with similar records. When it finds records in one file that do not have a match in the other file, the program displays the mismatch on the screen. It is designed to display the differences in output files produced by the Maresware Hash program.

This procedure can be used to identify any files which may have been altered in the time interval between the first and second outputs.

Under certain circumstances Hashcmp can also compare 2 outputs of Diskcat, Crckit and other programs which produce fixed CR/LF records.

 |  GET the 32 bit .exe  |  GET the 32 bit hashcmpv version  |  GET sample files and a batch file.
 |  View the html help file.  | 

Hash_dup
Find duplicate records in output of Hash

Be sure to check the help file for additional information about this program.

After creating an output file from the Maresware Hash program (using the -v option) the user may want to know which files are identical. To find out, you need to compare the hashes of the files. The program (hash_dup.exe) will take the output file created from the running of the hash.exe program, and compare the hashes of all the files listed in that output file. It then takes all the duplicate records and places them in an output file. This new output file contains instances of files that are identical based on hash values. This program can also make comparisons if the value is an SHA value.

This program is available for free download. However, it really has no usefulness unless run against the output of Maresware's Hash. It will process 150,000 records. However, by using the included batch file you can process an unlimited number of records.

 |  GET the 32 bit .exe  |  GET sample file and batch  | 
 |  View the html help file.  | 

Hexdump, Hexedit, Hexsect
Hexdump: Display a file in hexadecimal format
Hexdump1: (old free version) Display a file in hexadecimal format
Hexdump2: (old free version) Display a file in hexadecimal format
Hexedit: Edit a file in hexadecimal or ASCII format
Hex_sect: Display and edit specific sectors of a disk

ONLY THE HEXDUMP PROGRAM IS CURRENTLY WORKING IN WIN7 AND ABOVE

Be sure to check the help file for additional information about this program.

This Hexd* series of programs is designed to either display and/or edit files or disk sectors. The programs will take a file/sector and display the hexadecimal equivalent of the characters in the file.

Each program has its own specific way of displaying the data. The programs designed to edit the data (Hexedit, Hex_sect) will allow you to edit in ASCII or hex mode.

View the html help file.  |  Get hexdump.exe  | 


Hpa

This is a 16 bit program, no longer available or practical.

Ispgp
List all PGP type files (2.6.2 and some 5.x)

Be sure to check the help file for additional information about this program.

Ispgp can search either an entire disk or just specified directories for PGP related files. PGP related files include: PGP encrypted files; PGP keyrings (secret and public); PGP signature files.

Ispgp will search for files of PGP type and indicate on the screen what type of files it finds. The output can be redirected (>) to an output file.

Because of the algorithm used, false positives may show up, but these can easily be checked out and eliminated as non-PGP files.

Later versions (mostly PGPmail®, and PGP55®) use default algorithms other than the IDEA algorithm and RSA. Because of this, the program may not always detect files generated by these current versions. An updated Ispgp is being developed to detect these files.

The 16 bit version, when run from a DOS boot, will not alter access dates.

 |  GET the .exe  |  GET the 32 bit.exe  | 
 |  View the html help file.  | 

Kiting
Calculate date difference between two fields

Be sure to check the help file for additional information about this program.

Kiting will take a fixed length record and analyze two fields containing dates. It calculates the difference of two date fields and then appends to the record a 5 digit number representing the difference in days between the two dates.

The dates can be in different years and it will still give the proper day difference.

It can also calculate a CYCLE difference.

Kiting is insensitive to different formats, and will detect any normal U.S. date.

The 16 bit version of Kiting is provided free on the free software page. The 32 bit has not been recompiled. If you need it, contact Dan.

 |  GET the 16 bit .exe  |  View the html help file.  | 


copyright 1998-2016 by Mares and Company, LLC