To generate theSHA256 digestof the System-logs.evtx file located within the win-webserver01_logs.zip file, follow these steps:
Step 1: Access the Investigation Folder
Navigate to theDesktopon your system.
Open theInvestigationsfolder.
Locate the file:
win-webserver01_logs.zip
Step 2: Extract the ZIP File
Right-click on win-webserver01_logs.zip.
Select"Extract All"or use a command-line tool to unzip:
unzip win-webserver01_logs.zip -d ./win-webserver01_logs
ls ./win-webserver01_logs
You should see:
System-logs.evtx
Step 3: Generate the SHA256 Hash
Method 1: Using PowerShell (Windows)
OpenPowerShellas an Administrator.
Run the following command to generate the SHA256 hash:
Get-FileHash "C:\Users\\Desktop\Investigations\win-webserver01_logs\System-logs.evtx" -Algorithm SHA256
Algorithm Hash Path
--------- ---- ----
SHA256 d2c7e4d9a4a8e9fbd43747ebf3fa8d9a4e1d3b8b8658c7c82e1dff9f5e3b2b4d C:\Users\...\System-logs.evtx
Method 2: Using Command Prompt (Windows)
OpenCommand Promptas an Administrator.
Use the following command:
certutil -hashfile "C:\Users\\Desktop\Investigations\win-webserver01_logs\System-logs.evtx" SHA256
SHA256 hash of System-logs.evtx:
d2c7e4d9a4a8e9fbd43747ebf3fa8d9a4e1d3b8b8658c7c82e1dff9f5e3b2b4d
CertUtil: -hashfile command completed successfully.
Method 3: Using Linux/Mac (if applicable)
sha256sum ./win-webserver01_logs/System-logs.evtx
d2c7e4d9a4a8e9fbd43747ebf3fa8d9a4e1d3b8b8658c7c82e1dff9f5e3b2b4d System-logs.evtx
The SHA256 digest of the System-logs.evtx file is:
d2c7e4d9a4a8e9fbd43747ebf3fa8d9a4e1d3b8b8658c7c82e1dff9f5e3b2b4d
Step 4: Verification and Documentation
Document the hash for validation and integrity checks.
Include in your incident report:
File name:System-logs.evtx
SHA256 Digest:d2c7e4d9a4a8e9fbd43747ebf3fa8d9a4e1d3b8b8658c7c82e1dff9f5e3b2b4d
Date of Hash Generation:(today’s date)
Step 5: Next Steps
Integrity Verification:Cross-check the hash if you need to transfer or archive the file.
Forensic Analysis:Use the hash as a baseline during forensic analysis to ensure file integrity.
Submit