Name
Abstract | ||
|---|---|---|
Fuzzy hashing provides the possibility to identify similar files based on their hash signatures, which is useful for forensic investigations. Current tools for fuzzy hashing, e. g. ssdeep, perform similarity search on fuzzy hashes by brute force. This is often too time-consuming for real cases. We solve this issue for ssdeep and even a larger class of fuzzy hashes, namely for piecewise hash signatures, by introducing a suitable indexing strategy. The strategy is based on n-grams contained in the piecewise hash signatures, and it allows for answering similarity queries very efficiently. The implementation of our solution is called F2S2. This tool reduces the time needed for typical investigations from many days to minutes. |
Year | DOI | Venue |
|---|---|---|
2013 | 10.1016/j.diin.2013.08.003 | Digital Investigation |
Keywords | Field | DocType |
n-gram,indexing,digital forensics,ssdeep,piecewise hashing,similarity search,n gram | Locality-sensitive hashing,Data mining,Hash tree,Double hashing,Computer science,Feature hashing,Theoretical computer science,Hash function,Dynamic perfect hashing,Hash list,Hash table | Journal |
Volume | Issue | ISSN |
10 | 4 | 1742-2876 |
Citations | PageRank | References |
9 | 0.57 | 21 |
Authors | ||
3 | ||
Name | Order | Citations | PageRank |
|---|---|---|---|
| Christian Winter | 1 | 24 | 3.19 |
| Markus Schneider | 2 | 62 | 6.33 |
| York Yannikos | 3 | 43 | 7.60 |