TU Darmstadt / ULB / TUbiblio

F2S2: Fast forensic similarity search through indexing piecewise hash signatures

Winter, Christian and Schneider, Markus and Yannikos, York (2013):
F2S2: Fast forensic similarity search through indexing piecewise hash signatures.
10, In: Digital Investigation (Elsevier), (4), pp. 361–371, DOI: 10.1016/j.diin.2013.08.003,
[Article]

Abstract

Fuzzy hashing provides the possibility to identify similar files based on their hash signatures, which is useful for forensic investigations. Current tools for fuzzy hashing, e.g. ssdeep, perform similarity search on fuzzy hashes by brute force. This is often too time-consuming for real cases. We solve this issue for ssdeep and even a larger class of fuzzy hashes, namely for piecewise hash signatures, by introducing a suitable indexing strategy. The strategy is based on n-grams contained in the piecewise hash signatures, and it allows for answering similarity queries very efficiently. The implementation of our solution is called F2S2. This tool reduces the time needed for typical investigations from many days to minutes.

Item Type: Article
Erschienen: 2013
Creators: Winter, Christian and Schneider, Markus and Yannikos, York
Title: F2S2: Fast forensic similarity search through indexing piecewise hash signatures
Language: ["languages_typename_1" not defined]
Abstract:

Fuzzy hashing provides the possibility to identify similar files based on their hash signatures, which is useful for forensic investigations. Current tools for fuzzy hashing, e.g. ssdeep, perform similarity search on fuzzy hashes by brute force. This is often too time-consuming for real cases. We solve this issue for ssdeep and even a larger class of fuzzy hashes, namely for piecewise hash signatures, by introducing a suitable indexing strategy. The strategy is based on n-grams contained in the piecewise hash signatures, and it allows for answering similarity queries very efficiently. The implementation of our solution is called F2S2. This tool reduces the time needed for typical investigations from many days to minutes.

Journal or Publication Title: Digital Investigation (Elsevier)
Volume: 10
Number: 4
Uncontrolled Keywords: Secure Data;Digital forensics, similarity search, indexing, piecewise hashing, ssdeep, n-gram
Divisions: LOEWE > LOEWE-Zentren > CASED – Center for Advanced Security Research Darmstadt
LOEWE > LOEWE-Zentren
LOEWE
Date Deposited: 30 Dec 2016 20:23
DOI: 10.1016/j.diin.2013.08.003
Identification Number: TUD-CS-2013-0241
Export:
Suche nach Titel in: TUfind oder in Google
Send an inquiry Send an inquiry

Options (only for editors)

View Item View Item