dfxml_tool

dfxml_tool.py is a Python program for creating hash sets in the emerging Digital Forensics XML standard.

Currently the tool has three main functions:

  1. Given a collection of files, generate a list of file hashes in the Digital Forensics XML standard. Hash sets can include MD5, SHA1, and/or SHA256 hashes. Support for SHA-3 is coming soon!
  2. In addition to generating the hash set, dfxml_tool.py can also generate piecewise hash sets.
  3. Finally, dfxml_tool.py can ingest a DFXML file and output a plain text file of just the hash codes.

Digital Forensics XML is an emerging standard for distributing forensic information. The subset supported by dfxml_tool.py allows the creation of hash sets that optionally have file names, metadata about the files, and distribution information (e.g. hash set creator, publisher, redistribution limitations, security classification, and other information). The metadata created using the Dublin Core Metadata Initiative standard.

There are two ways to get dfxml_tool.py:

  1. You can download it as part of the  fiwalk package, where you will find it in the python/ directory.
  2. You can download the current version with this link.

Pages

Blogroll

Downloads

Meta

Tags

afflib aimage bulk_extractor fiwalk release tcpflow