Tools

Here is a list of tools that we created over time. For more information about the actual implementation or collaboration, see the corresponding publication (c+p the title(s) into the search):

mrsh & co.

mrsh_cuckoo (last update 2015/04/10)	is a similiartiy hashing / approximate matching tool equal to mrsh-net but uses Cuckoo filter instead of Bloom filter. This increases runtime efficiency and needs less memory. Show relevant publications Vikas Gupta, Frank Breitinger: How Cuckoo Filter Can Improve Existing Approximate Matching Techniques. In: James, Joshua I.; Breitinger, Frank (Ed.): Digital Forensics and Cyber Crime, pp. 39-52, Springer International Publishing, 2015, ISBN: 978-3-319-25511-8, (bf Best Paper Award).

mrsh_net (last update 2014/11/12)	is the network implementation of mrsh-v2 which has a single huge Bloom filter for the signature. Show relevant publications Frank Breitinger, Ibrahim Baggili: File Detection On Network Traffic Using Approximate Matching. In: Journal of Digital Forensics, Security and Law (JDFSL), vol. 9, no. 2, pp. 23–36, 2014, (bf Best Paper Award).

mrsh_v2.0 (last update 2013/10/04)	is the original similarity hashing tool that allows to compares files / folders with each other. Show relevant publications Frank Breitinger, Harald Baier: Similarity Preserving Hashing: Eligible Properties and a New Algorithm MRSH-v2. In: Rogers, Marcus; Seigfried-Spellar, KathrynC. (Ed.): Digital Forensics and Cyber Crime, pp. 167-182, Springer Berlin Heidelberg, 2013, ISBN: 978-3-642-39890-2.

Further tools & data

FRASH_v1.01 (last update 2013/02/19)	is a testing framework for approximate matching algorithms. Special thanks to Georgios Stivaktakis for the development and Edward Raff for the installations instructions. Show relevant publications Frank Breitinger, Georgios Stivaktakis, Harald Baier: FRASH: A Framework to Test Algorithms of Similarity Hashing. In: Digit. Investig., vol. 10, pp. S50–S58, 2014, ISSN: 1742-2876.

Tool x86 / Tool x64 (last update 2013/02/19)	an application that allows direct network-based communication with the Programable Logic Controller GE Fanuc Series 90-30 (no intermediate server is needed). Note, in contrast to what is mentioned in the publication, we removed the write functionality for security reasons. Show relevant publications George Denton, Filip Karpisek, Frank Breitinger, Ibrahim Baggili: Leveraging the SRTP protocol for over-the-network memory acquisition of a GE Fanuc Series 90-30. In: Digital Investigation, vol. 22, Supplement, pp. S26 - S38, 2017, ISSN: 1742-2876.

Timeline2GUI-Tool Training Cases (last update 2018/08/03)	Timelin2GUI Tool and the training cases (three test cases to practice Log2Timeline). To check for updates, please see the corresponding github page. Show relevant publications Mark Debinski, Frank Breitinger, Parvathy Mohan: Timeline2GUI: A Log2Timeline CSV parser and training scenarios. In: Digital Investigation, vol. 28, pp. 34 - 43, 2018, ISSN: 1742-2876.

Digital Forensics Tool Table (last update 2020/06/11)	is a list of forensics tools identified while reviewing almost 800 research articles from various digital forensic venues (2014-2019). Show relevant publications Tina Wu, Frank Breitinger, Stephen O'Shaughnessy: Digital forensic tools: Recent advances and enhancing the status quo. In: Forensic Science International: Digital Investigation, vol. 34, pp. 300999, 2020, ISSN: 2666-2817.

Estimate Levenshtein Distance (last update 2021/10/14)	is a tool (written in GoLang) that can estimate the Levenshtein Distance (LD) between two or more documents and is significantly faster than the original LD as it works on compressed signatures.