Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[FR] Support multiple hashing methods when processing evidence in register evidence function #642

Open
mlcirosec opened this issue Nov 27, 2024 · 0 comments
Labels
enhancement New feature or request

Comments

@mlcirosec
Copy link

Product: dfir-iris / iris-web
version: v2.4.15

Is your feature request related to a problem? Please describe.
As of today, the register evidence function "process" only seems to calculate a MD5 hash of provided files.
image

I"d like to see the possibility to choose or default to other, more recent hashing algorithms, like SHA256 or even sHA1. While there is no technical limitation to just manually overwrite the value in the Hash input field after automatic processing, this is error prone and easily omitted by analysts.

Describe the solution you"d like
Feature request:

  • provide an option to choose from other hashing algorithms than MD5 when registering evidence via the "Process" functionality in the web UI
  • alternatively, make the hashing algorithm configurable on a per-case basis when creating a case
  • alternatively, make the hashing algorithm configurable by IRIS admins globally

Describe alternatives you"ve considered
Using the API or python client may enable us to use a hashing algorithm of our choosing. However, this actually breaks the flow / experience when working with the web UI: one would need to switch front-ends just to overcome an unsatisfying situation.

@mlcirosec mlcirosec added the enhancement New feature or request label Nov 27, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request
Projects
None yet
Development

No branches or pull requests

1 participant