Beyond Fuzzy Hashing
The 2010 European Digital Forensics and Incident Response Summit
Computers are fantastic at finding identical pieces of data, but terrible at finding similar data. Part of the problem is first defining the term "similar" in any given context. This talk will explore what similar means for different contexts in computer forensics. We will then discuss fuzzy hashing, a method for identifying similar files using signatures similar to MD5 or SHA-256. Finally we'll discuss more specific methods for finding similar images and executables.