FRASH: A framework to test algorithms of similarity hashing

Details

Serval ID
serval:BIB_CB2645E5A818
Type
Article: article from a journal or magazine.
Collection
Publications
Title
FRASH: A framework to test algorithms of similarity hashing
Journal
Digital Investigation
Authors
Breitinger Frank, Stivaktakis Georgios, Baier Harald
ISSN
1742-2876
Publication status
Published
Publication date
08/2013
Volume
10
Pages
S50-S58
Language
English
Abstract
Automated input identification is a very challenging, but also important task. Within computer forensics this reduces the amount of data an investigator has to look at by hand. Besides identifying exact duplicates, which is mostly solved using cryptographic hash functions, it is necessary to cope with similar inputs (e.g., different versions of a file), embedded objects (e.g., a JPG within a Word document), and fragments (e.g., network packets), too. Over the recent years a couple of different similarity hashing algorithms were published. However, due to the absence of a definition and a test framework, it is hardly possible to evaluate and compare these approaches to establish them in the community. The paper at hand aims at providing an assessment methodology and a sample implementation called FRASH: a framework to test algorithms of similarity hashing. First, we describe common use cases of a similarity hashing algorithm to motivate our two test classes efficiency and sensitivity & robustness. Next, our open and freely available framework is briefly described. Finally, we apply FRASH to the well-known similarity hashing approaches ssdeep and sdhash to show their strengths and weaknesses.
Keywords
Digital forensics, Similarity hashing, Test framework, sdhash, ssdeep
Web of science
Open Access
Yes
Record created
06/05/2021 12:01
Record last modified
06/05/2021 12:23