Forensicswiki.org has moved to this site, forensicswiki.xyz. For information, please join the Google Group forensicswiki-reborn

Difference between revisions of "Context Triggered Piecewise Hashing"

From Forensics Wiki
Jump to navigation Jump to search
imported>Jessek
m
imported>Jessek
Line 1: Line 1:
Based on the work of Dr. Andrew Tridgell, Context Triggered Piecewise Hashing, aka Fuzzy Hashing, can match inputs that have many homologies. This means that the inputs have large sequences of bytes that are identical and in the same order. This technique was originally published at the [[DFRWS]] conference in 2006 in a paper [http://dfrws.org/2006/proceedings/12-Kornblum.pdf |Identifying Almost Identical Files Using Context Triggered Piecewise Hashing].
Based on the work of Dr. Andrew Tridgell, Context Triggered Piecewise Hashing, aka Fuzzy Hashing, can match inputs that have many homologies. This means that the inputs have large sequences of bytes that are identical and in the same order. This technique was originally published at the [[DFRWS]] conference in 2006 in a paper [http://dfrws.org/2006/proceedings/12-Kornblum.pdf |Identifying Almost Identical Files Using Context Triggered Piecewise Hashing].


External Links:
== Implementations ==


ssdeep - http://ssdeep.sf.net/
CTPH has been implemented in the program [[ssdeep]].

Revision as of 09:04, 24 February 2007

Based on the work of Dr. Andrew Tridgell, Context Triggered Piecewise Hashing, aka Fuzzy Hashing, can match inputs that have many homologies. This means that the inputs have large sequences of bytes that are identical and in the same order. This technique was originally published at the DFRWS conference in 2006 in a paper |Identifying Almost Identical Files Using Context Triggered Piecewise Hashing.

Implementations

CTPH has been implemented in the program ssdeep.