hashlookup / hashlookup-forensic-analyser

Analyse a forensic target (such as a directory) to find and report which files are found and not found in the CIRCL hashlookup public service - https://circl.lu/services/hashlookup/
https://hashlookup.github.io/hashlookup-forensic-analyser/

Add option to list files that have known hash, but for which the filename doesn't match any of the known filenames for that hash #12

Open Wachizungu opened 1 year ago

Wachizungu commented 1 year ago

Some attack techniques replace a 'known' file with another 'known' file, allowing them to exploit some processing flow that triggers the binary at the target location.

This kind of scenario could be detected with this proposed new functionality.
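A sketch of the check requested above, as an added example that is not part of the issue or of the project's code: it reports files whose SHA-1 is known but whose name is not among the names recorded for that hash. The `known` mapping, the function names and the sample files are hypothetical and constructed here; in practice the mapping would be filled from hashlookup results.

```python
import hashlib
import os
import tempfile


def sha1_of(path, chunk=65536):
    """Stream the file so large binaries are not read into memory at once."""
    h = hashlib.sha1()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest().upper()


def base_name(name):
    """Reduce a recorded path (Unix or Windows style) to a lowercase file name."""
    return name.replace("\\", "/").rsplit("/", 1)[-1].lower()


def find_name_mismatches(root, known):
    """Report files whose hash is known but whose name is not recorded for it."""
    # `known` (hypothetical structure): SHA-1 hex -> file names recorded for it.
    index = {h.upper(): {base_name(n) for n in names} for h, names in known.items()}
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for fn in sorted(files):
            path = os.path.join(dirpath, fn)
            if os.path.islink(path) or not os.path.isfile(path):
                continue  # skip symlinks and special files
            digest = sha1_of(path)
            names = index.get(digest)
            # Names are compared case-insensitively (a choice made for this example).
            if names and fn.lower() not in names:
                findings.append((path, digest, sorted(names)))
    return findings


def demo():
    """Constructed sample: the same known content stored under two names."""
    content = b"constructed stand-in for a known binary\n"
    known = {hashlib.sha1(content).hexdigest(): ["/usr/bin/known-tool"]}
    with tempfile.TemporaryDirectory() as root:
        for name in ("known-tool", "other-tool"):
            with open(os.path.join(root, name), "wb") as f:
                f.write(content)
        return [(os.path.basename(p), n) for p, _h, n in find_name_mismatches(root, known)]


if __name__ == "__main__":
    print(demo())
```

Only the file name is compared here; a stricter variant could also compare the directory against the recorded path.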