Winter, Christian ; Schneider, Markus ; Yannikos, York (2013):
F2S2: Fast forensic similarity search through indexing piecewise hash signatures.
In: Digital Investigation (Elsevier), 10 (4), pp. 361–371. DOI: 10.1016/j.diin.2013.08.003
[Article]
Abstract
Fuzzy hashing provides the possibility to identify similar files based on their hash signatures, which is useful for forensic investigations. Current tools for fuzzy hashing, e.g. ssdeep, perform similarity search on fuzzy hashes by brute force. This is often too time-consuming for real cases. We solve this issue for ssdeep and even a larger class of fuzzy hashes, namely for piecewise hash signatures, by introducing a suitable indexing strategy. The strategy is based on n-grams contained in the piecewise hash signatures, and it allows for answering similarity queries very efficiently. The implementation of our solution is called F2S2. This tool reduces the time needed for typical investigations from many days to minutes.
Item Type: | Article |
---|---|
Published: | 2013 |
Creators: | Winter, Christian ; Schneider, Markus ; Yannikos, York |
Title: | F2S2: Fast forensic similarity search through indexing piecewise hash signatures |
Journal or Publication Title: | Digital Investigation (Elsevier) |
Volume of the journal: | 10 |
Issue Number: | 4 |
Uncontrolled Keywords: | Secure Data; Digital forensics, similarity search, indexing, piecewise hashing, ssdeep, n-gram |
Divisions: | LOEWE > LOEWE-Zentren > CASED – Center for Advanced Security Research Darmstadt; LOEWE > LOEWE-Zentren; LOEWE |
Date Deposited: | 30 Dec 2016 20:23 |
DOI: | 10.1016/j.diin.2013.08.003 |
Identification Number: | TUD-CS-2013-0241 |