Improve Your Forensic Analyses with hashlookup Alexandre Dulaunoy a@foo.be Introduction For several decades, forensic analyses in cybersecurity have relied on known software hash sources. These sources are not numerous. Most investigators and security researchers use sources like the National Software Reference Library (NSRL) and its Reference Data Set (RDS) to distinguish known files from unknown ones. For several years at CIRCL, it became evident that we were finding it increasingly difficu...
