DFRWS USA 2022 - Paper accepted
1 August 2022
The article FRASHER - A framework for automated evaluation of similarity hashing was accepted at DFRWS USA 2022. The article presents our similarity hashing algorithm evaluation framework in the field of digital forensics. The paper was presented at the Digital Forensic Research Workshop (DFRWS) USA 2022 as part of a virtual event in July 2022.
Authors: Thomas Göbel, Frieder Uhlig, Harald Baier, Frank Breitinger
Abstract:
A challenge for digital forensic investigations is dealing with large amounts of data that need to be processed. Approximate matching (AM), a.k.a. similarity hashing or fuzzy hashing, plays a pivotal role in solving this challenge. Many algorithms have been proposed over the years such as ssdeep, sdhash, MRSH-v2, or TLSH, which can be used for similarity assessment, clustering of different artifacts, or finding fragments and embedded objects. To assess the differences between these implementations (e.g., in terms of runtime efficiency, fragment detection, or resistance against obfuscation attacks), a testing framework is indispensable and the core of this article. The proposed framework is called FRASHER (referring to a predecessor FRASH from 2013) and provides an up-to-date view on the problem of evaluating AM algorithms with respect to both the conceptual and the practical aspects. Consequently, we present and discuss relevant test case scenarios as well as release and demonstrate our framework allowing a comprehensive evaluation of AM algorithms. Compared to its predecessor, we adapt it to a modern environment providing better modularity and usability as well as more thorough testing cases.