Here is a list of tools that we created over time. For more information about the actual implementation or collaboration, see the corresponding publication (copy and paste the title(s) into the search):
mrsh & co.
(last update 2015/04/10)
|is a similarity hashing / approximate matching tool equal to mrsh-net but uses a Cuckoo filter instead of a Bloom filter. This increases runtime efficiency and needs less memory.
How Cuckoo Filter Can Improve Existing Approximate Matching Techniques. In: James, Joshua; Breitinger, Frank (Ed.): Digital Forensics and Cyber Crime, pp. 39-52, Springer International Publishing, 2015, ISBN: 978-3-319-25511-8, (Best Paper Award).
(last update 2014/11/12)
|is the network implementation of mrsh-v2 which has a single huge Bloom filter for the signature.
File Detection On Network Traffic Using Approximate Matching. In: Journal of Digital Forensics, Security and Law (JDFSL), 9 (2), pp. 23–36, 2014, (Best Paper Award).
(last update 2013/10/04)
|is the original similarity hashing tool that allows comparing files / folders with each other.
Similarity Preserving Hashing: Eligible Properties and a New Algorithm MRSH-v2. In: Rogers, Marcus; Seigfried-Spellar, Kathryn C. (Ed.): Digital Forensics and Cyber Crime, pp. 167-182, Springer Berlin Heidelberg, 2013, ISBN: 978-3-642-39890-2.
Further tools & data
(last update 2013/02/19)
|is a testing framework for approximate matching algorithms. Special thanks to Georgios Stivaktakis for the development and Edward Raff for the installation instructions.
FRASH: A Framework to Test Algorithms of Similarity Hashing. In: Digit. Investig., 10, pp. S50–S58, 2014, ISSN: 1742-2876.
|Tool x86 / Tool x64
(last update 2013/02/19)
|an application that allows direct network-based communication with the Programmable Logic Controller GE Fanuc Series 90-30 (no intermediate server is needed). Note that, in contrast to what is mentioned in the publication, we removed the write functionality for security reasons.
Leveraging the SRTP protocol for over-the-network memory acquisition of a GE Fanuc Series 90-30. In: Digital Investigation, 22, Supplement, pp. S26-S38, 2017, ISSN: 1742-2876.
|Timeline2GUI Tool and the training cases (three test cases to practice Log2Timeline). To check for updates, please see the corresponding GitHub page.|
|Digital Forensics Tool Table
(last update 2020/06/11)
|is a list of forensics tools identified while reviewing almost 800 research articles from various digital forensic venues (2014-2019). The publication will be linked as soon as it is available.|