FRASH: A framework to test algorithms of similarity hashing

Details

Serval ID
serval:BIB_CB2645E5A818
Type
Article: article from journal or magazin.
Collection
Publications
Title
FRASH: A framework to test algorithms of similarity hashing
Journal
Digital Investigation
Author(s)
Breitinger Frank, Stivaktakis Georgios, Baier Harald
ISSN
1742-2876
Publication state
Published
Issued date
08/2013
Volume
10
Pages
S50-S58
Language
english
Abstract
Automated input identification is a very challenging, but also important task. Within computer forensics this reduces the amount of data an investigator has to look at by hand. Besides identifying exact duplicates, which is mostly solved using cryptographic hash functions, it is necessary to cope with similar inputs (e.g., different versions of a file), embedded objects (e.g., a JPG within a Word document), and fragments (e.g., network packets), too. Over the recent years a couple of different similarity hashing algorithms were published. However, due to the absence of a definition and a test framework, it is hardly possible to evaluate and compare these approaches to establish them in the community. The paper at hand aims at providing an assessment methodology and a sample implementation called FRASH: a framework to test algorithms of similarity hashing. First, we describe common use cases of a similarity hashing algorithm to motivate our two test classes efficiency and sensitivity & robustness. Next, our open and freely available framework is briefly described. Finally, we apply FRASH to the well-known similarity hashing approaches ssdeep and sdhash to show their strengths and weaknesses.
Keywords
Digital forensics, Similarity hashing, Test framework, sdhash, ssdeep
Web of science
Open Access
Yes
Create date
06/05/2021 11:01
Last modification date
06/05/2021 11:23
Usage data