overwraith Posted October 5, 2014 Share Posted October 5, 2014 Thought I would share a snippet, you all might find it interesting. Basically forensic investigators use hashing algorithms to ensure that files are not forensically changed before trial. This program can take strings or files and determine their forensic hashes and print them to the screen. Not a full fledged forensics program, just a snippet you all might enjoy. /*Author: overwraith*/ using System; using System.Collections.Generic; using System.Linq; using System.Text; using System.Security.Cryptography; using System.Threading.Tasks; using System.IO; namespace Fingerprint { class Program { static void Main(string[] args) { if (args.Length == 0) { Console.WriteLine("Fingerprint.exe -f D:\\Folder\\file -s \"The quick brown fox jumps over the lazy dog\" ..."); return; } //process file arguments in parallel Parallel.For(0, args.Length, (i) => { if (args[i] == "-f") { Console.WriteLine(HashTest(args[i + 1])); } else if (args[i] == "-s") {//string input Console.WriteLine(StringTest(args[i + 1])); } }); //Console.ReadLine(); }//end main public static String HashTest(String file) { //call all the hash algorithims here HashAlgorithm[] hashes = new HashAlgorithm[3]; StringBuilder str = new StringBuilder(); hashes[0] = SHA1.Create(); hashes[1] = MD5.Create(); hashes[2] = SHA512.Create(); str.Append("File: " + file + "\n\n"); for (int i = 0; i < hashes.Length; i++) { str.Append(hashes[i].GetType().Name + ": \n" + BitConverter.ToString(hashes[i].ComputeHash(new FileStream(file, FileMode.Open, FileAccess.Read))) + "\n\n"); }//end loop //returning a string keeps files and hashes contiguous return str.ToString(); }//end method public static String StringTest(String input) { //call all the hash algorithims here HashAlgorithm[] hashes = new HashAlgorithm[3]; StringBuilder str = new StringBuilder(); hashes[0] = SHA1.Create(); hashes[1] = MD5.Create(); hashes[2] = SHA512.Create(); str.Append("String: " + input + "\n\n"); for (int i = 0; i < hashes.Length; i++) { str.Append(hashes[i].GetType().Name + ": \n" + BitConverter.ToString(hashes[i].ComputeHash(StringToStream(input))) + "\n\n"); }//end loop //returning a string keeps files and hashes contiguous return str.ToString(); }//end method public static Stream StringToStream(String src) { byte[] byteArray = Encoding.UTF8.GetBytes(src); return new MemoryStream(byteArray); }//end method }//end class }//end namespace Quote Link to comment Share on other sites More sharing options...
cooper Posted October 5, 2014 Share Posted October 5, 2014 Why go with parallel on the arguments rather than the hashes? Instead of having 2 methods that do almost the exact same thing in the exact same way, except that one turns a file into an inputstream where the other turns a string into an inputstream, why not, as you process the arguments, create the appropriate inputstream for that argument and then provide it to the single method that computes the hashes for it? What I think you should do is create a model class that contains a string identifier (=filename or constant string provided), a HashAlgorithm and an instance of the input stream (don't reuse a single instance!) and populate a list of those with the appropriate data as provided by the arguments. Having processed your arguments that list is now your program worksheet. Using Parallel, invoke a method that will, for each entry in the list, compute the hash and then write the identifier, the hash class name (or something to identify the hash type at least) and the hash. Quote Link to comment Share on other sites More sharing options...
overwraith Posted October 5, 2014 Author Share Posted October 5, 2014 It was just an example, I don't want to tweak it any more. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.