
File and string fingerprinting


overwraith


Thought I would share a snippet; you all might find it interesting. Basically, forensic investigators use hashing algorithms to ensure that files are not forensically changed before trial. This program can take strings or files and determine their forensic hashes and print them to the screen. Not a full-fledged forensics program, just a snippet you all might enjoy.

/*Author: overwraith*/
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Security.Cryptography;
using System.Threading.Tasks;
using System.IO;

namespace Fingerprint {

    class Program {

        static void Main(string[] args) {

            if (args.Length == 0) {
                Console.WriteLine("Fingerprint.exe -f D:\\Folder\\file -s \"The quick brown fox jumps over the lazy dog\" ...");
                return;
            }

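            //process arguments in parallel; stop one short of the end so that
            //args[i + 1] always exists, even when a flag is the last argument
            Parallel.For(0, args.Length - 1, (i) => {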
                if (args[i] == "-f") {
                    Console.WriteLine(HashTest(args[i + 1]));
                }
                else if (args[i] == "-s") {//string input
                    Console.WriteLine(StringTest(args[i + 1]));
                }
            });

            //Console.ReadLine();
        }//end main

        public static String HashTest(String file) {
            //call all the hash algorithms here
            HashAlgorithm[] hashes = new HashAlgorithm[3];
            StringBuilder str = new StringBuilder();
            
            hashes[0] = SHA1.Create();
            hashes[1] = MD5.Create();
            hashes[2] = SHA512.Create();

            str.Append("File: " + file + "\n\n");

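            for (int i = 0; i < hashes.Length; i++) {
                //open a fresh stream for each algorithm and dispose it so the file handle is released
                using (FileStream fs = new FileStream(file, FileMode.Open, FileAccess.Read)) {
                    str.Append(hashes[i].GetType().Name + ": \n"
                        + BitConverter.ToString(hashes[i].ComputeHash(fs)) + "\n\n");
                }
            }//end loop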

            //returning a string keeps files and hashes contiguous
            return str.ToString();
        }//end method

        public static String StringTest(String input) {
            //call all the hash algorithms here
            HashAlgorithm[] hashes = new HashAlgorithm[3];
            StringBuilder str = new StringBuilder();

            hashes[0] = SHA1.Create();
            hashes[1] = MD5.Create();
            hashes[2] = SHA512.Create();

            str.Append("String: " + input + "\n\n");

            for (int i = 0; i < hashes.Length; i++) {
                str.Append(hashes[i].GetType().Name + ": \n"
                    + BitConverter.ToString(hashes[i].ComputeHash(StringToStream(input))) + "\n\n");
            }//end loop

            //returning a string keeps files and hashes contiguous
            return str.ToString();
        }//end method

        public static Stream StringToStream(String src) {
            byte[] byteArray = Encoding.UTF8.GetBytes(src);
            return new MemoryStream(byteArray);
        }//end method

    }//end class

}//end namespace


Why go with parallel on the arguments rather than the hashes?

Instead of having 2 methods that do almost the exact same thing in the exact same way, except that one turns a file into an inputstream where the other turns a string into an inputstream, why not, as you process the arguments, create the appropriate inputstream for that argument and then provide it to the single method that computes the hashes for it?

What I think you should do is create a model class that contains a string identifier (=filename or constant string provided), a HashAlgorithm and an instance of the input stream (don't reuse a single instance!) and populate a list of those with the appropriate data as provided by the arguments. Having processed your arguments, that list is now your program worksheet. Using Parallel, invoke a method that will, for each entry in the list, compute the hash and then write the identifier, the hash class name (or something to identify the hash type at least) and the hash.
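
The restructuring suggested in the reply above, sketched as an added example (not code from either poster). `HashJob`, its fields and the `FingerprintExample` namespace are hypothetical names, and the model holds factories for the hash and the stream rather than live instances, so each parallel worker creates and disposes its own.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Security.Cryptography;
using System.Text;
using System.Threading.Tasks;

namespace FingerprintExample {

    // Hypothetical model class: one unit of work = one input x one algorithm.
    class HashJob {
        public string Label;                 // file name or literal string
        public string AlgorithmName;         // e.g. "SHA512"
        public Func<HashAlgorithm> NewHash;  // fresh instance per job (instances are not thread-safe)
        public Func<Stream> Open;            // fresh stream per job, never shared
    }

    static class Program {
        static readonly Dictionary<string, Func<HashAlgorithm>> Algorithms =
            new Dictionary<string, Func<HashAlgorithm>> {
                { "SHA1", () => SHA1.Create() },
                { "MD5", () => MD5.Create() },
                { "SHA512", () => SHA512.Create() }
            };

        static void Main(string[] args) {
            var jobs = new List<HashJob>();
            // Step by two: every flag consumes exactly one value, so a dangling flag is skipped.
            for (int i = 0; i + 1 < args.Length; i += 2) {
                string value = args[i + 1];
                Func<Stream> open;
                if (args[i] == "-f") open = () => File.OpenRead(value);
                else if (args[i] == "-s") open = () => new MemoryStream(Encoding.UTF8.GetBytes(value));
                else continue;
                foreach (var alg in Algorithms)
                    jobs.Add(new HashJob { Label = value, AlgorithmName = alg.Key, NewHash = alg.Value, Open = open });
            }

            Parallel.ForEach(jobs, job => {
                using (HashAlgorithm hash = job.NewHash())
                using (Stream input = job.Open()) {
                    string hex = BitConverter.ToString(hash.ComputeHash(input));
                    // One WriteLine per job keeps label, algorithm and digest on one line.
                    Console.WriteLine(job.Label + " [" + job.AlgorithmName + "]: " + hex);
                }
            });
        }
    }
}
```

MD5 and SHA-1 are kept only because the original snippet uses them; both have practical collision attacks, so for evidence integrity the SHA-512 value is the one to rely on.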
