
hashlookup-forensic-analyser version 0.5 released including bloom filter support and caching

Released by @adulau on 14 Dec 2021, 13:15
Tag: v0.5
Commit: e91d6ff

hashlookup-forensic-analyser version 0.5

Bloom filter support

If you don't want to send your lookups to the online service (every online query discloses the hash of a file on the analysed system), or simply want faster lookups, hashlookup provides a Bloom filter for download. Note that a Bloom filter never misses a hash that is in the set but can report a hash as present when it is not (a false positive), so a local hit is a strong indication rather than proof.

The file is around 700MB and can be stored locally, for example in your home directory. hashlookup-analyser works in the same way; the --bloomfilter option takes the path of the downloaded Bloom filter.

python3 bin/hashlookup-analyser.py --bloomfilter <yourdir>/hashlookup-full.bloom --include-stats -d /bin
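How such a local pre-check works, as an added example that is not the project's code: it does not parse the downloadable hashlookup-full.bloom (that file has its own on-disk format) but builds a small in-memory Bloom filter from constructed SHA-1 values, hashes files in binary mode and labels them in the tool's CSV shape. The names BloomFilter, classify_directory, sha1_of_file and estimated_fp_rate, the 'known'/'unknown' labels and the sample files are assumptions made for the illustration.

```python
"""Local Bloom-filter pre-check for file hashes (added example).

Illustrative code, not hashlookup-forensic-analyser's own implementation.
It does not read the downloadable hashlookup-full.bloom file (that file has
its own on-disk format); it builds a small in-memory Bloom filter from a
constructed set of SHA-1 values and labels files the way the tool's CSV does:
    hashlookup_result,filename,sha-1,size
"""
import hashlib
import math
import os
import tempfile


class BloomFilter:
    """Minimal Bloom filter: k bit positions per item, derived from one SHA-256."""

    def __init__(self, capacity, error_rate=0.001):
        # Textbook sizing: m bits and k hash functions for n = capacity items
        # at the requested false-positive rate.
        self.m = max(8, math.ceil(-capacity * math.log(error_rate) / math.log(2) ** 2))
        self.k = max(1, round(self.m / capacity * math.log(2)))
        self.bits = bytearray((self.m + 7) // 8)

    def _positions(self, item):
        # Kirsch-Mitzenmacher double hashing: h1 + i*h2 from two 64-bit halves
        # of a single SHA-256, so the k positions cost one digest.
        digest = hashlib.sha256(item).digest()
        h1 = int.from_bytes(digest[:8], "big")
        h2 = int.from_bytes(digest[8:16], "big")
        return [(h1 + i * h2) % self.m for i in range(self.k)]

    def add(self, item):
        for pos in self._positions(item):
            self.bits[pos >> 3] |= 1 << (pos & 7)

    def __contains__(self, item):
        return all(self.bits[pos >> 3] & (1 << (pos & 7)) for pos in self._positions(item))


def estimated_fp_rate(bf, n_inserted):
    """Standard estimate (1 - e^(-k*n/m))^k of the false-positive probability.

    There are no false negatives: every inserted item is always reported present.
    """
    return (1 - math.exp(-bf.k * n_inserted / bf.m)) ** bf.k


def sha1_of_file(path, chunk_size=1 << 20):
    """SHA-1 of a file read in binary mode and in chunks, so large files need not fit in RAM."""
    h = hashlib.sha1()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest().upper()


def classify_directory(directory, known_filter):
    """Hash every regular file under `directory`; return (result, filename, sha1, size) rows.

    'known' means the hash is in the Bloom filter, i.e. probably known; confirm
    against the online service when a single file matters.
    """
    rows = []
    for root, _dirs, files in os.walk(directory):
        for name in files:
            path = os.path.join(root, name)
            if not os.path.isfile(path):  # skip sockets, FIFOs, dangling symlinks
                continue
            sha1 = sha1_of_file(path)
            result = "known" if sha1.encode() in known_filter else "unknown"
            rows.append((result, path, sha1, os.path.getsize(path)))
    return sorted(rows, key=lambda r: r[1])


def demo():
    """Constructed sample directory: one file whose SHA-1 was inserted, one not.

    Returns (result, basename, sha1, size) rows so the output is stable.
    """
    known_blob = b"#!/bin/sh\necho hello\n"      # constructed 'known good' content
    unknown_blob = b"some unknown payload\n"     # constructed, never inserted
    bf = BloomFilter(capacity=1000, error_rate=0.001)
    bf.add(hashlib.sha1(known_blob).hexdigest().upper().encode())
    with tempfile.TemporaryDirectory() as d:
        for name, blob in (("ls", known_blob), ("dropper", unknown_blob)):
            with open(os.path.join(d, name), "wb") as fh:
                fh.write(blob)
        rows = classify_directory(d, bf)
    return [(r[0], os.path.basename(r[1]), r[2], r[3]) for r in rows]


if __name__ == "__main__":
    print("hashlookup_result,filename,sha-1,size")
    for row in demo():
        print(",".join(str(field) for field in row))
```

estimated_fp_rate is the check worth keeping next to any Bloom-filter verdict: at the sizing above the chance of a spurious 'known' is about 0.1% per unknown file, which is negligible for triage of a whole filesystem but not for a conclusion about one file.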

v0.5 (2021-12-14)

New

  • [doc] add a quick documentation about the bloom filter feature. [Alexandre Dulaunoy]

  • [bloomfilter] use a bloomfilter source instead of the live request. [Alexandre Dulaunoy]

    adulau@kolmogorov ~/git/hashlookup-forensic-analyser/bin (main)$ python3 hashlookup-analyser.py --cache -d /home/adulau/sample/ --print-unknown --bloomfilter /tmp/x.bloom --include-stats
    hashlookup_result,filename,sha-1,size
    unknown,/home/adulau/sample/xxx,278DFA419DC12FB8CD9785A873956885BBE11779,17
    unknown,/home/adulau/sample/vi,DFA8A9B6417CE3C43D91B0E69E68C26A0230DD48,3194152
    stats,Analysed directory /home/adulau/sample/ on kolmogorov running Linux-5.10.0-1052-oem-x86_64-with-glibc2.29 at 2021-12-06 06:48:56.892009+00:00- Found 1 on hashlookup.circl.lu (hashlookup-blomfilter)- Unknown files 2 - Excluded files 0

  • New: [gh] based on the pull-request #6 from @signorrayan and feedback from @sthagen. [Alexandre Dulaunoy]

Changes

  • [workflow] we have big screens nowadays. [Alexandre Dulaunoy]

  • [hashlookup] black -S --target-version py38 [Alexandre Dulaunoy]

  • [doc] --bloomfilter option added. [Alexandre Dulaunoy]

  • [doc] updated with new --cache option. [Alexandre Dulaunoy]

  • [bin] CSV now includes SHA-1 of the files. [Alexandre Dulaunoy]

  • [bin] new --cache feature added. [Alexandre Dulaunoy]

    If --cache is set, this will create a file per hash in a fixed
    directory. At each run, if --cache is set, it will check for the
    existence of such a file. The directory contains the JSON result saved
    from the previous hashlookup query to the server.

  • [README] a status badge added. [Alexandre Dulaunoy]

  • [bin] make isort happy. [Alexandre Dulaunoy]

  • [bin] make black happy. [Alexandre Dulaunoy]

  • [bin] consistency update fix #4. [Alexandre Dulaunoy]

Fix

  • [doc] bloom filter link fixed. [Alexandre Dulaunoy]

  • [bloomfilter] bug fix as bloomfilter just returns a True or False. [Alexandre Dulaunoy]

  • [bin] remove ambiguity on file handle type. [Alexandre Dulaunoy]

  • [bin] BinaryIO and not TextIO while reading file. [Alexandre Dulaunoy]

  • [bin] black formatting (need a post-hook ;-) [Alexandre Dulaunoy]

  • [bin] skip type test on empty dict. [Alexandre Dulaunoy]

  • [bin] incorrect version. [Alexandre Dulaunoy]

  • [bin] as referenced in #6 - platform assignment can lead to some confusion. [Alexandre Dulaunoy]

  • [REQUIREMENTS] pytz dep was missing fix #5. [Alexandre Dulaunoy]
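The --cache design described in the changelog above, as an added example and not the project's own implementation: one JSON file per hash in a single directory, with the query to hashlookup.circl.lu replaced by an injected function so it runs offline. HashlookupCache, is_cacheable_hash, KNOWN/UNKNOWN and the answer dicts are constructed for the example. It adds the check a practitioner wants when a hash becomes a file name: only a 40-digit hex string is accepted, so nothing supplied as a 'hash' can escape the cache directory.

```python
"""File-per-hash JSON cache for hashlookup answers (added example).

Illustrative code modelled on the --cache description in the changelog, not
the project's own implementation. The HTTP query to hashlookup.circl.lu is
replaced by an injected `lookup` callable so the example runs offline.
"""
import hashlib
import json
import os
import re
import tempfile

# Exactly 40 hex digits (upper case after normalisation), nothing else.
_SHA1_HEX = re.compile(r"[0-9A-F]{40}")


def is_cacheable_hash(value):
    """True only for a well-formed SHA-1 hex digest (hypothetical helper).

    The digest becomes a file name inside the cache directory, so anything
    else (path separators, '..', empty strings, trailing newlines) is refused.
    """
    return isinstance(value, str) and _SHA1_HEX.fullmatch(value.upper()) is not None


class HashlookupCache:
    """cache_dir/<SHA1>.json holds the JSON answer from a previous query."""

    def __init__(self, cache_dir, lookup):
        self.cache_dir = cache_dir
        self.lookup = lookup          # callable(sha1_upper) -> JSON-serialisable dict
        self.hits = 0
        self.misses = 0
        # The cache reveals which hashes were ever looked up: keep it private.
        os.makedirs(cache_dir, mode=0o700, exist_ok=True)

    def _path(self, sha1):
        if not is_cacheable_hash(sha1):
            raise ValueError(f"not a SHA-1 hex digest: {sha1!r}")
        return os.path.join(self.cache_dir, sha1.upper() + ".json")

    def get(self, sha1):
        path = self._path(sha1)
        if os.path.exists(path):
            self.hits += 1
            with open(path, "r", encoding="utf-8") as fh:
                return json.load(fh)
        self.misses += 1
        result = self.lookup(sha1.upper())
        # Write to a temp file in the same directory, then rename: a crash
        # mid-write can never leave a truncated JSON file to be read later.
        fd, tmp = tempfile.mkstemp(dir=self.cache_dir, suffix=".tmp")
        with os.fdopen(fd, "w", encoding="utf-8") as fh:
            json.dump(result, fh)
        os.replace(tmp, path)
        return result


# Constructed hashes; the answer dicts in demo() are made up, not server output.
KNOWN = hashlib.sha1(b"constructed known file").hexdigest().upper()
UNKNOWN = hashlib.sha1(b"constructed unknown file").hexdigest().upper()


def demo():
    """Two lookups per hash, one of them lower-cased: the server is contacted once per hash.

    Returns (server calls, cache hits, cache misses, same answer both times).
    """
    calls = []

    def fake_lookup(sha1):
        calls.append(sha1)
        if sha1 == KNOWN:
            return {"SHA-1": sha1, "FileName": "ls", "source": "constructed"}
        return {"SHA-1": sha1, "found": False}

    with tempfile.TemporaryDirectory() as d:
        cache = HashlookupCache(d, fake_lookup)
        first = cache.get(KNOWN)
        second = cache.get(KNOWN)            # answered from disk
        cache.get(UNKNOWN)
        cache.get(UNKNOWN.lower())           # normalised: same cache file
        return len(calls), cache.hits, cache.misses, first == second


if __name__ == "__main__":
    print("server calls, cache hits, cache misses, same answer:", demo())
```

Two consequences of this design are worth knowing before relying on it: the cache directory lists every hash ever queried (hence mode 0700), and a negative answer is cached like any other, so a file that was unknown at the first scan stays 'unknown' in later runs until its cache file is removed.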