Beyond Fuzzy Hashing
The 2010 European Digital Forensics and Incident Response Summit

Slides (pdf)    

Computers are fantastic at finding identical pieces of data, but terrible at finding similar data. Part of the problem is first defining the term "similar" in any given context. This talk will explore what similar means for different contexts in computer forensics. We will then discuss fuzzy hashing, a method for identifying similar files using signatures similar to MD5 or SHA-256. Finally we'll discuss more specific methods for finding similar images and executables.

Home     Publications     Presentations     Utilities     Tools     Blog