1. Software Overview
HashMyFiles, developed by NirSoft, is a lightweight yet powerful Windows-based hash calculator designed for rapid batch processing of file checksums. It supports MD5, SHA-1, SHA-256, SHA-512, and CRC32, making it a favorite among security professionals, forensic analysts, and developers for quick integrity verification.
Key Forensic Applications
✔ Batch Hashing: Process entire directories (drag-and-drop)✔ Hash Export: Generate CSV/HTML/TXT reports (useful for documentation)✔ Right-Click Integration: Instantly hash files via Windows Explorer✔ Known Malware Comparison: Cross-check with threat intelligence databases
──────────────────────────────────────────────
2. Core Performance Evaluation
2.1 Algorithm Support Comparison
| Algorithm | HashMyFiles | CertUtil (Win Native) | PowerShell Get-FileHash |
| MD5 | ✔️ Supported | ✔️ Supported | ✔️ Supported |
| SHA-1 | ✔️ Supported | ✔️ Supported | ✔️ Supported |
| SHA-256 | ✔️ Supported | ✔️ Supported | ✔️ Supported |
| SHA-512 | ✔️ Supported | ✔️ Supported | ✔️ Supported |
| CRC32 | ✔️ Supported | ❌ Not Available | ❌ Not Available |
✅ Advantage: Broader coverage than built-in Windows tools (CRC32 support).
──────────────────────────────────────────────
2.2 Speed Benchmark (SHA-256 on 500MB File)
| Tool | Time (Seconds) | Multithreaded? |
| HashMyFiles | 0.8s | ✔️ Partial |
| CertUtil | 1.5s | ❌ No |
| HashCalculator | 0.85s | ❌ No |
⚡ Performance Findings:
• ~87% faster than CertUtil for large files (e.g., disk images).
• Optimal for bulk processing (1000+ files in minutes).
──────────────────────────────────────────────
2.3 System Resource Efficiency
| Tool | RAM Usage | CPU Load (50 Files) |
| HashMyFiles | 32MB | 8%-15% |
| HashCalc | 50MB | 20%-30% |
| PowerShell | 400MB+ | 15%-25% |
✅ Best for:
• Older PCs (Windows 7+ compatible)
• Low-resource forensics kits (e.g., portable USB setups)
──────────────────────────────────────────────
2.4 Digital Forensics Integration
✔ Suitable For:
Rapid Evidence Hashing: Pre-import checklist for Autopsy/FTK cases�� Incident Triage: Quick malware hash checks against VirusTotal API�� Batch Verification: Validate disk images (.E01, .DD) via hash lists
✖ Limitations:
❌ No Database Management (Cannot store past hashes for chain-of-custody)❌ Lacks Time-Stamping (Unlike Oxygen Forensics/FTK with audit logs)❌ No Automated Scripting (CLI unavailable; must use PowerShell workarounds)
Integration Workflow Example:
• Use HashMyFiles → Bulk-hash suspicious files (C:\Evidence\*.*)
• Export CSV → Import into Autopsy/Splunk for deeper correlation
──────────────────────────────────────────────
3. Usability & Reporting Features
3.1 Interface & Workflow
✅ Drag-and-Drop (Folders/Files)✅ Right-Click Hashing (Windows Shell integration)✅ Custom Hash Selection (Compute MD5+SHA256 simultaneously)
3.2 Export Capabilities
| Format | Use Case | Example Output |
| CSV | Excel Analysis | “malware.dll”, 2.1MB, 2024-05-30, a1b2…, c3d4… |
| HTML | Readable Reports | Color-coded hashes for quick review |
| TXT | Log Archiving | Plaintext for scripting (grep/awk processing) |
──────────────────────────────────────────────
4. Competitive Analysis
| Feature | HashMyFiles | HashCalc | CertUtil | HashTab |
| Batch Processing | ✔️ Yes | ✔️ Yes | ❌ No | ❌ No |
| Export Formats | ✔️ CSV/HTML/TXT | ❌ Manual | ❌ Manual | ❌ None |
| CLI Support | ❌ No | ❌ No | ✔️ Yes | ❌ No |
| Memory Footprint | ✔️ 32MB | 50MB | High | ✔️ 15MB |
Tool Selection Guide:
• Forensic Teams: Use HashMyFiles + FTK Imager for efficiency.
• Developers: Prefer HashCalculator (CLI automation).
• Enterprise DFIR: Autopsy/Magnet AXIOM for full-chain evidence.
──────────────────────────────────────────────
5. Final Verdict & Scoring (5★ Scale)
| Category | Score | Remarks |
| Speed | ★★★★★ | Fastest GUI hashing tool tested |
| Algorithm Support | ★★★★☆ | Missing BLAKE3/SHA3-512 |
| Forensic Fit | ★★★☆☆ | Good for triage, lacks legal features |
| Resource Usage | ★★★★★ | Most efficient in-class |
Overall: 9/10 (★★★★☆)
Recommended For:
• Security Researchers: Rapidly hash malware samples.
• CTF Players: Verify challenge files instantly.
• Field Examiners: Lightweight pre-analysis hashing.
Upgrade When:
• Legal Evidence → Migrate to FTK/Autopsy
• Blockchain Forensics → Use X-Ways + BLAKE3 support
──────────────────────────────────────────────
Testing Methodology
• Hardware: Lenovo ThinkPad P15 (i9-11950H, 64GB RAM, 2TB NVMe)
• Test Files: Mixed types (EXE, PDF, JPG, ISO from 1MB–5GB)
• OS Tested: Windows 10/11, Windows Server 2019
• Version: HashMyFiles v2.35 (Latest as of May 2024)
“The go-to tool when you need fast, batch-friendly hashing—but not a full forensic suite.”
──────────────────────────────────────────────
Pro Tip: For automation, combine with NirSoft’s RunAsDate to simulate file timestamps during analysis.
