Difference between revisions of "Context Triggered Piecewise Hashing"

From Forensics Wiki
Jump to: navigation, search
(Added link to DFRWS paper)
m
 
(6 intermediate revisions by one user not shown)
Line 1: Line 1:
Based on the work of Dr. Andrew Tridgell, Context Triggered Piecewise Hashing, aka Fuzzy Hashing, can match inputs that have many homologies. This means that the inputs have large sequences of bytes that are identical and in the same order. This technique was originally published at the [[DFRWS]] conference in 2006 in a paper [http://dfrws.org/2006/proceedings/12-Kornblum.pdf|Identifying Almost Identical Files Using Context Triggered Piecewise Hashing].
+
{{Expand}}
 +
Context Triggered Piecewise Hashing, also called '''Fuzzy Hashing''', can match inputs that have homologies. Such inputs have sequences of identical bytes in the same order, although bytes in between these sequences may be different in both content and length.
  
External Links:
+
CTPH was originally based on the work of Dr. Andrew Tridgell and a spam email detector called SpamSum. This method was adapted by [[Jesse Kornblum]] and published at the [[DFRWS]] conference in 2006 in a paper [http://dfrws.org/2006/proceedings/12-Kornblum.pdf Identifying Almost Identical Files Using Context Triggered Piecewise Hashing].
  
ssdeep - http://ssdeep.sf.net/
+
== Implementations ==
 +
 
 +
* [[ssdeep]] is a cross-platform CTPH client.
 +
 
 +
== See Also ==
 +
* [[Piecewise hashing]]
 +
 
 +
== External Links ==
 +
 
 +
* [http://samba.org/ftp/unpacked/junkcode/spamsum/ SpamSum]
 +
 
 +
[[Category:Hashing]]

Latest revision as of 10:50, 20 December 2007

Information icon.png

Please help to improve this article by expanding it.
Further information might be found on the discussion page.

Context Triggered Piecewise Hashing, also called Fuzzy Hashing, can match inputs that have homologies. Such inputs have sequences of identical bytes in the same order, although bytes in between these sequences may be different in both content and length.

CTPH was originally based on the work of Dr. Andrew Tridgell and a spam email detector called SpamSum. This method was adapted by Jesse Kornblum and published at the DFRWS conference in 2006 in a paper Identifying Almost Identical Files Using Context Triggered Piecewise Hashing.

Implementations

  • ssdeep is a cross-platform CTPH client.

See Also

External Links