Mark0

Update: zipdump.py Version 0.0.33

Didier Stevens has released an update for his specialized utility, zipdump.py, bringing the tool to version 0.0.33. This utility is a key component of his forensic software suite, designed to analyze, dump, and extract information from ZIP containers and related file formats often seen in malware analysis.

The primary feature of this update is the introduction of the sha256 pseudo-field. This allows analysts to calculate the SHA256 hash of specific archive content directly, supporting various modes such as compressed data, decompressed data, and extra fields. The update includes new command arguments like -E sha256:data and -E sha256:decompress to facilitate rapid file identification and integrity checking.
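To show why the compressed-data and decompressed-data hashes of the same member differ, here is an added example that is not zipdump.py code and does not reproduce its implementation. It uses Python's standard zipfile module on a constructed archive; the function names are this example's own, and treating "extra" as the local-header extra field is an assumption.

```python
import hashlib
import io
import struct
import zipfile

SAMPLE = b"constructed sample payload\n" * 40  # constructed test content

def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()

def member_hashes(zip_bytes):
    """Map each member name to the SHA256 of its compressed bytes,
    its decompressed bytes and its local-header extra field."""
    out = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            off = info.header_offset
            if zip_bytes[off:off + 4] != b"PK\x03\x04":
                raise ValueError(f"no local header for {info.filename!r}")
            # Name and extra lengths sit at offset 26 of the 30-byte header.
            name_len, extra_len = struct.unpack_from("<HH", zip_bytes, off + 26)
            extra_at = off + 30 + name_len
            data_at = extra_at + extra_len
            # Sizes come from the central directory, so entries that use a
            # data descriptor (zeroed local sizes) are still sliced correctly.
            raw = zip_bytes[data_at:data_at + info.compress_size]
            out[info.filename] = {
                "compressed": sha256_hex(raw),
                "decompressed": sha256_hex(zf.read(info)),
                "extra": sha256_hex(zip_bytes[extra_at:data_at]),
            }
    return out

def build_sample():
    """Constructed archive: the same content stored and deflated."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("stored.txt", SAMPLE, compress_type=zipfile.ZIP_STORED)
        zf.writestr("deflated.txt", SAMPLE, compress_type=zipfile.ZIP_DEFLATED)
    return buf.getvalue()

if __name__ == "__main__":
    for name, hashes in member_hashes(build_sample()).items():
        for kind, digest in hashes.items():
            print(f"{name:14} {kind:12} {digest}")
```

The two members share a decompressed hash, but only the stored member's compressed hash matches it, so the hash of the compressed stream changes with the compressor and its settings while the decompressed hash does not.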

