Skip to main content
Journal ArticleOPEN ACCESS

Identifying almost identical files using context triggered piecewise hashing

Digital Investigation (2006) 3(SUPPL.) 91-97
DOI: 10.1016/j.diin.2006.06.015
296Citations
Citations of this article
260Readers
Mendeley users who have this article in their library.

This article is free to access.

Abstract

Homologous files share identical sets of bits in the same order. Because such files are not completely identical, traditional techniques such as cryptographic hashing cannot be used to identify them. This paper introduces a new technique for constructing hash signatures by combining a number of traditional hashes whose boundaries are determined by the context of the input. These signatures can be used to identify modified versions of known files even if data has been inserted, modified, or deleted in the new files. The description of this method is followed by a brief analysis of its performance and some sample applications to computer forensics. © 2006 DFRWS.

Author supplied keywords

Cite

CITATION STYLE

APA

Kornblum, J. (2006). Identifying almost identical files using context triggered piecewise hashing. Digital Investigation, 3(SUPPL.), 91–97. https://doi.org/10.1016/j.diin.2006.06.015

Register to see more suggestions

Mendeley helps you to discover research relevant for your work.

Already have an account?

Save time finding and organizing research with Mendeley

Sign up for free