Winter, Christian ; Schneider, Markus ; Yannikos, York (2013)
F2S2: Fast forensic similarity search through indexing piecewise hash signatures.
In: Digital Investigation (Elsevier), 10 (4)
doi: 10.1016/j.diin.2013.08.003
Artikel, Bibliographie
Kurzbeschreibung (Abstract)
Fuzzy hashing provides the possibility to identify similar files based on their hash signatures, which is useful for forensic investigations. Current tools for fuzzy hashing, e.g. ssdeep, perform similarity search on fuzzy hashes by brute force. This is often too time-consuming for real cases. We solve this issue for ssdeep and even a larger class of fuzzy hashes, namely for piecewise hash signatures, by introducing a suitable indexing strategy. The strategy is based on n-grams contained in the piecewise hash signatures, and it allows for answering similarity queries very efficiently. The implementation of our solution is called F2S2. This tool reduces the time needed for typical investigations from many days to minutes.
| Typ des Eintrags: | Artikel |
|---|---|
| Erschienen: | 2013 |
| Autor(en): | Winter, Christian ; Schneider, Markus ; Yannikos, York |
| Art des Eintrags: | Bibliographie |
| Titel: | F2S2: Fast forensic similarity search through indexing piecewise hash signatures |
| Sprache: | Englisch |
| Publikationsjahr: | 2013 |
| Titel der Zeitschrift, Zeitung oder Schriftenreihe: | Digital Investigation (Elsevier) |
| Jahrgang/Volume einer Zeitschrift: | 10 |
| (Heft-)Nummer: | 4 |
| DOI: | 10.1016/j.diin.2013.08.003 |
| Kurzbeschreibung (Abstract): | Fuzzy hashing provides the possibility to identify similar files based on their hash signatures, which is useful for forensic investigations. Current tools for fuzzy hashing, e.g. ssdeep, perform similarity search on fuzzy hashes by brute force. This is often too time-consuming for real cases. We solve this issue for ssdeep and even a larger class of fuzzy hashes, namely for piecewise hash signatures, by introducing a suitable indexing strategy. The strategy is based on n-grams contained in the piecewise hash signatures, and it allows for answering similarity queries very efficiently. The implementation of our solution is called F2S2. This tool reduces the time needed for typical investigations from many days to minutes. |
| Freie Schlagworte: | Secure Data;Digital forensics, similarity search, indexing, piecewise hashing, ssdeep, n-gram |
| ID-Nummer: | TUD-CS-2013-0241 |
| Fachbereich(e)/-gebiet(e): | LOEWE > LOEWE-Zentren > CASED – Center for Advanced Security Research Darmstadt LOEWE > LOEWE-Zentren LOEWE |
| Hinterlegungsdatum: | 30 Dez 2016 20:23 |
| Letzte Änderung: | 17 Mai 2018 13:02 |
| PPN: | |
| Export: | |
| Suche nach Titel in: | TUfind oder in Google |
 |
Frage zum Eintrag |
Optionen (nur für Redakteure)
 |
Redaktionelle Details anzeigen |
Drucken
Impressum