Rainbow Table & Hash Set Collection
This product is an internal SATA 3TB hard disk (manufacturer may vary) which has copies of a number of different rainbow tables and hash sets from various external sources and several generated by PassMark.
They can be used in conjunction with OSForensics for password recovery and quickly identifying known safe files (such as operating system and program files) and suspected malicious files (viruses, trojans, script files).
The actual rainbow tables and hash sets are available for free from a number of sources; however, the entire collection is very large (approximately 2.5TB). See the Free Download Locations section for more information about the external sources for the tables.
Included Rainbow Tables
Rainbow tables are tables of plain text passwords and hashes. They allow a password to be quickly looked up if a hash for that password is known.
For more information on using rainbow tables in OSForensics see this password
These tables are in RTI1.0 format.
| Table | Description | Size | Source |
|---|---|---|---|
| md5_loweralpha-numeric | MD5, lower case 1-7 characters (a-z 0-9) | 73 MB | PassMark |
| lm_alpha-numeric | LM Hash, upper case 1-7 characters (A-Z 0-9) | 180 MB | PassMark |
| sha1_loweralpha-numeric | SHA1, lower case 1-7 characters (a-z 0-9) | 57 MB | PassMark |
| LM & Half LM* | 5 tables, various alpha numeric combinations, 1-7 characters long | 600 GB | FreeRainbowTables** |
| MD5 | 13 tables, up to 12 characters long with various alpha numeric combinations | 1 TB | FreeRainbowTables** |
| MYSQLSHA1 | 2 tables up to 12 characters long with various alpha numeric combinations | 35.5 GB | FreeRainbowTables** |
| NTLM* | 12 tables, up to 12 characters long with various alpha numeric combinations | 818 MB | FreeRainbowTables** |
| SHA1 | 4 tables, up to 12 characters long with various alpha numeric combinations | 97.3 GB | FreeRainbowTables** |
*HalfLM, NTLM and hybrid tables are not currently compatible with OSForensics but can be used with other rainbow table software.
**FreeRainbowTables is no longer online.
Included Hash Sets
Hash Sets are used in a data analysis technique called Hash Analysis, which uses the MD5, SHA1 and SHA256 hash of files to verify the files on a storage device. A hash uniquely identifies the contents of a file, regardless of filename, and can be used to identify the presence of malicious, contraband, or incriminating files such as bootleg software, pornography and viruses. See this video of hash sets in use in OSForensics.
| Hash Set | Description | Size | Source |
|---|---|---|---|
| KeyLoggers | Collection of keyloggers | 1.14 MB | PassMark |
| Office 2007 Enterprise (Vista) | Office 2007 files (Windows Vista 32bit) | 3.87 MB | PassMark |
| Office 2007 Enterprise (Win7) | Office 2007 files (Windows 7 32bit) | 5.22 MB | PassMark |
| Vista Business (32-bit) | Windows system files | 19.7 MB | PassMark |
| Vista Business (x64) | Windows system files | 19.7 MB | PassMark |
| Win7 Enterprise (x64) | Windows system files | 26.4 MB | PassMark |
| Win7 Ultimate (32-bit) | Windows system files | 40.8 MB | PassMark |
| XP Professional (32-bit) | Windows system files | 4.92 MB | PassMark |
| XP Professional (x64) | Windows system files | 4.10 MB | PassMark |
| Win10 Home (x64) | Windows system files | 23.9 MB | PassMark |
| NSRL 2.30 September 2010 | Includes original NSRL data in CSV format and OSForensics conversion | 18.1 GB | NSRL |
| NSRL 2.34 October 2011 | Includes original NSRL data in CSV format and OSForensics conversion | 19.5 GB | NSRL |
| NSRL 2.44 April 2014 | OSForensics conversion | 20.3 GB | NSRL |
| NSRL 2.52 June 2016 | OSForensics conversion | 29.0 GB | NSRL |
| NSRL 2.55 December 2016 | OSForensics conversion | 17.6 GB | NSRL |
There are issues using large hard drives on older Windows machines. The rainbow table drives are formatted with what is known as GPT formatting (GUID Partition Table). This is necessary as the older MBR partition format can't deal with drives over 2TB. Older computers will have a problem with large hard drives. For example, Windows XP and Windows 2000 are incompatible with this drive. Older BIOSs may also not recognise the full capacity of the drive. While BIOS limitations can sometimes be avoided by using a USB dock with the hard drive, you should check compatibility with your motherboard and O/S before you purchase.
Please note the rainbow tables (about 2.5TB worth) were downloaded from a source that is no longer available online.
The hash sets are available for free from the National Software Reference Library, approximately a 1.7GB download, and there is an OSForensics tutorial on how to convert them for use within OSForensics. Please note that conversion may take several days.
The hash sets and rainbow tables created by PassMark are also available from the OSForensics Download page. We are not selling the tables, only the service of copying them onto a 3TB hard drive and shipping.