Jon Oliver

Abstract


Similarity digests are an efficient way to search for similar files - the file(s) may match some malicious code, some desired text, or an HTML document. They are also a useful tool in digital forensics and security applications. In this workshop, we will use open source similarity digests (Ssdeep, TLSH, Sdhash and Nilsimsa) and perform a range of exercises including matching files, considering how documents can be modified to avoid matching, setting thresholds, and considerations concerning false positive matches. We will perform exercises on a range of file types including HTML files, executable files, text documents, and image files.
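As an added illustration (not part of the workshop abstract, and not code from Ssdeep, TLSH, Sdhash or Nilsimsa), the constructed Python below implements a simplified context-triggered piecewise hash in the style of ssdeep and then scores a document against a lightly edited copy and an unrelated document, so the effect of a match threshold and the guard against spurious matches can be seen on real input. The block-size rule, the rolling hash, the scoring formula and the sample HTML/text inputs are all assumptions made here; the digests it produces are not compatible with any of the tools named above.

```python
"""Simplified context-triggered piecewise hashing (CTPH) for teaching.
Constructed example: NOT ssdeep/TLSH/sdhash/Nilsimsa, and not compatible
with their digest formats."""
from collections import deque

WINDOW = 7        # rolling-hash window in bytes (ssdeep also uses 7)
SIG_CHARS = 64    # aim for roughly this many characters per digest
ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
MOD = (1 << 61) - 1           # large prime modulus for the polynomial rolling hash
BASE = 257
BASE_POW = pow(BASE, WINDOW, MOD)   # weight of the byte leaving the window


def block_size_for(length: int) -> int:
    """Smallest block size in 3, 6, 12, ... such that bs * SIG_CHARS >= length."""
    bs = 3
    while bs * SIG_CHARS < length:
        bs *= 2
    return bs


def fnv1a32(data: bytes) -> int:
    """32-bit FNV-1a, used here to hash each chunk down to one digest character."""
    h = 0x811C9DC5
    for b in data:
        h = ((h ^ b) * 0x01000193) & 0xFFFFFFFF
    return h


def ctph(data: bytes) -> str:
    """Return 'blocksize:chars'. A chunk ends whenever the rolling hash of the
    last WINDOW bytes is congruent to bs-1 mod bs, so chunk boundaries depend
    only on nearby content: an insertion disturbs the chunks around it but
    the digest re-synchronises a few bytes later."""
    bs = block_size_for(len(data))
    window = deque()
    rolling = 0
    chunk_start = 0
    out = []
    for i, b in enumerate(data):
        rolling = (rolling * BASE + b) % MOD
        window.append(b)
        if len(window) > WINDOW:
            rolling = (rolling - window.popleft() * BASE_POW) % MOD
        if rolling % bs == bs - 1:
            out.append(ALPHABET[fnv1a32(data[chunk_start:i + 1]) & 63])
            chunk_start = i + 1
    if chunk_start < len(data):               # trailing partial chunk
        out.append(ALPHABET[fnv1a32(data[chunk_start:]) & 63])
    return f"{bs}:{''.join(out)}"


def levenshtein(a: str, b: str) -> int:
    """Plain edit distance between two digest strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def compare(sig1: str, sig2: str) -> int:
    """Similarity score 0..100. Scores 0 unless both digests share a block size
    (this simplified version does not compare adjacent block sizes) and at
    least one common WINDOW-character run, a guard that suppresses accidental
    partial matches between unrelated, short digests (a false positive source)."""
    bs1, s1 = sig1.split(":", 1)
    bs2, s2 = sig2.split(":", 1)
    if bs1 != bs2:
        return 0
    if not any(s1[i:i + WINDOW] in s2 for i in range(len(s1) - WINDOW + 1)):
        return 0
    d = levenshtein(s1, s2)
    return max(0, 100 - (100 * d) // (len(s1) + len(s2)))


def match(sig1: str, sig2: str, threshold: int = 50) -> bool:
    """Threshold decision; the threshold is a tuning knob, not a constant of the method."""
    return compare(sig1, sig2) >= threshold


# Constructed sample inputs (not from the workshop): an HTML page, a copy
# with a small edit, and an unrelated plain-text note of similar size.
ORIGINAL = (b"<html><head><title>Quarterly report</title></head><body>"
            b"<h1>Quarterly report</h1><p>Revenue grew in all regions this "
            b"quarter. Operating costs were flat. Headcount rose by twelve. "
            b"See the attached spreadsheet for the full numbers.</p>"
            b"</body></html>")
MODIFIED = ORIGINAL.replace(b"<h1>Quarterly report</h1>", b"<h1>Quarterly report (draft)</h1>")
UNRELATED = (b"Lunch menu for Friday: tomato soup, grilled cheese, apple pie, "
             b"coffee or tea. Vegetarian options are available on request; "
             b"please ask at the counter. The kitchen closes at two o'clock "
             b"and reopens for the evening service at half past five sharp.")

if __name__ == "__main__":
    sigs = {name: ctph(d) for name, d in
            [("original", ORIGINAL), ("modified", MODIFIED), ("unrelated", UNRELATED)]}
    for name, sig in sigs.items():
        print(f"{name:9s} {sig}")
    for other in ("modified", "unrelated"):
        score = compare(sigs["original"], sigs[other])
        print(f"original vs {other:9s} score={score:3d} match@50={match(sigs['original'], sigs[other])}")
```

Running it prints the three digests, a high score for the edited copy and 0 for the unrelated text. Lowering the threshold catches more heavily edited variants at the cost of more false positives; the shared-run guard is what keeps two unrelated documents from scoring in the middle of the range purely by chance, which is worth keeping in mind when matching very short files or documents that share a large common template.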

The session will be run on AWS instances. I will fire up the instances and provide a .pem file and instructions on how to log into AWS. The participants require a laptop with ssh capability (so Mac, or Cygwin on Windows, etc.). We can set up an AWS instance before the session so that participants can confirm they can log in beforehand.