Hash Sets

Download hash sets and place them "\user\Documents\Forensic Explorer\HashSets\" folder. Compatible Hash Set formats are:

  • Forensic Explorer.edb3;
  • EnCase.hash (EnCase 6,7,8).

Download Hash Sets

Hash Set Name: White Hash Sets
File Name: Encase_6_or_7_or_8_Whitehash.zip
Release Date: 11 December 2017
Source: Whitehat Computer Forensics, LLC (HashSets.com)
Format:Guidance Software Encase (v6,7,8)
Download: Here (487 mb)
About: All Known-Good/Non-Threatening hash values in one file.
Use: These hash values can be utilized to assist in the elimination of non-threatening files during computer forensic and computer security examinations (Computer Compromises, Network Intrusions, eDiscovery, Malware Analysis, etc).
Hash Set Name: MS Windows Applications
File Name: Encase_MD5_Windows_App_Store.hash
Release Date: 13 February 2017
Source: Whitehat Computer Forensics, LLC (HashSets.com)
Format:Guidance Software Encase (v6,7,8)
Download: Here (16.4 mb)
About: MS Windows Applications (Known Good/Non-Threatening).
The attached zip file contains hash values derived from MS Windows 8 and 10 Applications commonly found within the MS Windows App Store. Specifically, more than 2,000 common business, home, education and game apps which were subsequently installed, analyzed and then gathered into MD5, SHA-1 and SHA-256 hash sets.
Use: These hash values can be utilized to assist in the elimination of non-threatening files during computer forensic and computer security examinations (Computer Compromises, Network Intrusions, eDiscovery, Malware Analysis, etc).
Hash Set Name: MAC Applications
File Name: Encase_MD5_Mac_App_Store.hash
Release Date: 19 November 2017
Source: Whitehat Computer Forensics, LLC (HashSets.com)
Format:Guidance Software Encase (v6,7,8)
Download: Here (26.5 mb)
About: OS X Mac Applications (Known Good/Non-Threatening).
The attached zip file contains hash values derived from Mac OS X Applications commonly found within the Mac App Store. Specifically, more than 2,000 common Utilities, Finance, Travel, Graphics & Design, Games, Business and Education apps which were subsequently installed, analyzed and then gathered into MD5, SHA-1 and SHA-256 hash sets.
Use: These hash values can be utilized to assist in the elimination of non-threatening files during computer forensic and computer security examinations (Computer Compromises, Network Intrusions, eDiscovery, Malware Analysis, etc).
Hash Set Name: US Government
File Name: Encase_MD5_US_Goverment.hash
Release Date: 5 September 2016
Source: Whitehat Computer Forensics, LLC (HashSets.com)
Format:Guidance Software Encase (v6,7,8)
Download: Here (16.5 mb)
About: The attached hash set contains more than 963,490 common non-threatening known hash values consisting of US Government (federal, state, local and military) publicly accessible website images, logos, multimedia files, office documents (.doc, .pdf, .xls, .ppt, etc).
Use: These hash values can be utilized to assist in the elimination of non-threatening files during computer forensic and computer security examinations (Computer Compromises, Network Intrusions, eDiscovery, Malware Analysis, etc).
Hash Set Name: Operating Systems
File Name: Operating_Systems_Hash_Sets.zip
Release Date: 19 November 2017
Source: Whitehat Computer Forensics, LLC (HashSets.com)
Format:Guidance Software Encase (v6,7,8)
Download: Here (329 mb)
About: Operating System Hash Sets: MS Windows, Linux, macOS, BSD and Solaris
Use: These hash values can be utilized to assist in the elimination of non-threatening files during computer forensic and computer security examinations (Computer Compromises, Network Intrusions, eDiscovery, Malware Analysis, etc).
Hash Set Name: Black or Gray Hash Sets
File Name: Encase_MD5_Black_or_Gray_HashSets.hash
Release Date: 23 April 2017
Source: Whitehat Computer Forensics, LLC (HashSets.com)
Format:Guidance Software Encase (v6,7,8)
Download: Here (26.5 mb)
About: 'Notable', 'Suspicious' or 'Significant' hash values involving possibly malicious and/or unwanted software and utilities including:
- SQL Injection Tools, Packers, Bruteforcing
- Flooders, Denial of Service (DoS)
- Defacers, Cracking, Rippers
- Recon, Killers, All in One (AIO) Tools
- Credit Card Generators, Key Generators, Sniffers
- Password Gathering, Nukers, Network Testing
- File Sharing artifacts from Peer-to-Peer (P2P) sites
- Red-herring (files annotated or described with a particular non-threatening name but actually designed or coded for nefarious purposes)
- Carrier Pigeon Archives (compressed files such as ZIP, RAR, GZIP, CAB, etc, that were identified in transporting any significant, notable or alert files).
Use: These provided hash values can be utilized to assist in the identification of possibly threatening files during computer forensic and computer security examinations (Computer Compromises, Network Intrusions, Malware Analysis, etc).