How to Calculate Hash Value
Calculate Hash Value
Before knowing about “Calculate Hash Value” methods we need to know what is Hashing.
What is Hash?
Hashing is a method for reducing large inputs to a compact fixed size output. When you are performing forensics, typically cryptography hashing algorithms like MD5 and SHA-1 are used. These functions have a few properties useful to forensics. There are lots of online services that allow you to enter a hash code and discover what the preimage might have been.
Why should you calculate hashes?
You may face situations in which you want to ensure that a file is the same version and has the same content as another file (e. g., when you send folders or data to someone, you want to make certain it have not been corrupted or altered). A hash is an alphanumeric string that’s made according to a file’s contents. In case the file has been changed in any way, the hash value changes as well.
Steps to calculate hash of a Storage Drive
Step 1: Download FTK Imager Version 3.2.0 from http://marketing.accessdata.com/ftk-imager-3.2.0-download and submit required information and click on submit then its send download link on your email ID which you input earlier.
Open Your Email Account and Download “Access Data FTK Imager 3.2.0” and install them.
And Run that application
Step 2: Click on File Menu and go to “Add Evidence Item”
Step 3: Then Select Source Evidence Type (e.g. We are using Physically Drive)
Step 4: Select Source Drive Selection. In this section, you can add any physical hard disk like the computer hard disk, pen drive, memory card etc.
Step 5: Then The Physical Drive is added on Evidence Tree, now right click on your physical drive and click on Verify Drive/Image…
Step 6: Now its verify the Physical Drive, and take some time according to your drive capacity.
Step 7: Now you can see that there are MD5 and SHA1 Hash of your Physical Drive.
NOTE: Make use of the “Verify Image/Device” function. The natural way, simply attaching your thumb drive to Windows could possibly change the device hash, so I would recommend you do this using the Linux method from a forensic build disk, or use a write blocker (Device for purpose of gaining read-only access to computer hard drive without the take risks of tampering or damaging the drive’s contain) under windows.