How do I import custom hash sets to create a custom KFF group?

Created by: Brendan Bone

Question

How do I import custom hash sets to create a custom KFF group?

 

Answer

Prerequisites:

  • A text file containing a list of the desired hashes, saved as *.csv or *.tsv. You can create it manually or with "Export File List Info" in FTK, including only the desired hash column (e.g. MD5 or SHA1) in your list.

Example:

MD5
16C3A5060A5D7D2FD6C1D647B40442DC
16C3A5060A5D7D2FD6C1D647B40442DD
16C3A5060A5D7D2FD6C1D647B40442DE
[Leave an empty line (hard return) after the last hash]

OR

  • A HashKeeper (*.hke) file
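The following Python sketch is an added example, not part of the original article or of FTK itself. It builds the single-column hash list shown above from raw input (bare digests or `digest  filename` lines), uppercasing, de-duplicating and rejecting malformed values before import. The function names, the CRLF line endings, and reading "empty line after the last hash" as a line ending after the final digest are assumptions.

```python
import re

# Hex digest length for each hash column named in the article.
HASH_LENGTHS = {"MD5": 32, "SHA1": 40}


def build_hash_list(raw_lines, column="MD5"):
    """Return (file_text, rejected) for a single-column hash list.

    Accepts bare digests or "digest  filename" / "digest,filename" lines,
    uppercases them, drops duplicates, and collects every line whose first
    field is not a valid digest of the requested type.
    """
    digest_re = re.compile(r"[0-9A-Fa-f]{%d}" % HASH_LENGTHS[column])
    seen, hashes, rejected = set(), [], []
    for line in raw_lines:
        token = re.split(r"[\s,]+", line.strip())[0].strip('"')
        if not token or token.upper() == column:
            continue  # skip blank lines and an existing header row
        if not digest_re.fullmatch(token):
            rejected.append(line.strip())
            continue
        digest = token.upper()
        if digest not in seen:
            seen.add(digest)
            hashes.append(digest)
    # Header row, one digest per line, and a line ending after the last
    # digest (the "hard return" the article asks for). CRLF is an assumption.
    return "\r\n".join([column] + hashes) + "\r\n", rejected


def write_hash_list(path, raw_lines, column="MD5"):
    """Write the list to path and return the rejected input lines."""
    text, rejected = build_hash_list(raw_lines, column)
    # newline="" stops Python from translating the CRLFs a second time.
    with open(path, "w", encoding="ascii", newline="") as fh:
        fh.write(text)
    return rejected


if __name__ == "__main__":
    # Constructed sample input: mixed case, a duplicate, a "digest  name"
    # line, and one truncated value that must be rejected.
    sample = [
        "16c3a5060a5d7d2fd6c1d647b40442dc",
        "16C3A5060A5D7D2FD6C1D647B40442DC",
        "16C3A5060A5D7D2FD6C1D647B40442DD  evidence.bin",
        "16C3A5060A5D7D2FD6C1D647B40442",
    ]
    text, rejected = build_hash_list(sample)
    print(text, end="")
    print("rejected:", rejected)
```

Review the rejected lines before importing: a truncated or mistyped digest that is silently dropped means the corresponding file will never match the custom set.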

 

Procedure:

  1. In FTK go to Manage > KFF and click "Import"
  2. Click "Add File"
  3. Select the Status for your custom hash set
  4. Browse to the file with your custom hash set (*.csv, *.tsv, *.hke) 
  5. Give the hash set a name
  6. Specify a Source Vendor name, Version, and Package name
  7. Click "OK", then click "Import"
  8. Back in the KFF Admin dialog, under Defined Groups click "New"
  9. Give the group a name
  10. Select a "Status Override" (set to "None" to use the original sets' statuses)
  11. Highlight your new KFF set in the Available Groups/Hash Sets list and add it to your new group by clicking <<, then click "OK"

Overview

These steps will help you import a custom KFF hash set and create your own KFF group in FTK.


Comments

  • Joe Friesen

    How is this done with Cassandra? I am getting an error "Please select valid import type", and there is no override option!

  • Brendan Bone

    The steps are the same. I followed the above steps in Lab 6.3 (using Cassandra) with a CSV formatted as outlined above, and it imported without errors.

    Be sure you're not trying to use the "KFF Import Utility" to do this. That tool is only for importing specially formatted NSRL libraries.

    Edited by Brendan Bone