FRASHER – A framework for automated evaluation of similarity hashing

Details

Ressource 1Download: 1-s2.0-S2666281722000889-main.pdf (762.09 [Ko])
State: Public
Version: Final published version
License: CC BY-NC-ND 4.0
Serval ID
serval:BIB_46BA340CA680
Type
Article: article from journal or magazin.
Collection
Publications
Institution
Title
FRASHER – A framework for automated evaluation of similarity hashing
Journal
Forensic Science International: Digital Investigation
Author(s)
Göbel Thomas, Uhlig Frieder, Baier Harald, Breitinger Frank
ISSN
2666-2817
Publication state
Published
Issued date
07/2022
Peer-reviewed
Oui
Volume
42
Pages
301407
Language
english
Abstract
A challenge for digital forensic investigations is dealing with large amounts of data that need to be processed. Approximate matching (AM), a.k.a. similarity hashing or fuzzy hashing, plays a pivotal role in solving this challenge. Many algorithms have been proposed over the years such as ssdeep, sdhash, MRSH-v2, or TLSH, which can be used for similarity assessment, clustering of different artifacts, or finding fragments and embedded objects. To assess the differences between these implementations (e.g., in terms of runtime efficiency, fragment detection, or resistance against obfuscation attacks), a testing framework is indispensable and the core of this article. The proposed framework is called FRASHER (referring to a predecessor FRASH from 2013) and provides an up-to-date view on the problem of evaluating AM algorithms with respect to both the conceptual and the practical aspects. Consequently, we present and discuss relevant test case scenarios as well as release and demonstrate our framework allowing a comprehensive evaluation of AM algorithms. Compared to its predecessor, we adapt it to a modern environment providing better modularity and usability as well as more thorough testing cases.
Keywords
Test framework, Test cases, Evaluation framework, Approximate matching, Similarity hashing, Fuzzy hashing, Similarity digest algorithm
Web of science
Open Access
Yes
Create date
05/09/2022 8:51
Last modification date
07/09/2022 6:09
Usage data