Hi Chris,
SDK content is what you would want to run to extract the files off. We actually have an unofficial java program that can be used to extract off any files you would like automatically and write them off to a directory of your choosing. We've used this in the past to extract content to mount to a network share for tools like sandboxes (Cuckoo, FireEye AX) to automatically pick up and analyze. I'm not sure there is an easy way to automaticallygenerate the hash on the fly (Maybe possible with a Lua parser?). However once the files are written to a share you could script running an md5sum against the files you've written off and pipe to a csv. Simple script could do that for you.
Example of a query to extract. Ideally you would want the query to leave off at the last session id you started on so you aren't continuously writing the same files off. The java program attached actually calculates this and does that for you.
sdk open nw://admin:netwitness@192.168.117.191:50005
sdk output ./extractedfiles
sdk content session=1-now where="service=80,139,25,110 && filetype=''swf'" render=files includeFileTypes=".swf" maxDirSize=2048mb
Email me and I'll get the package over to you. Hope this helps!
-Mike Gotham
michael.gotham@rsa.com
