Difference between revisions of "Context Triggered Piecewise Hashing"

From ForensicsWiki
Jump to: navigation, search
Line 11: Line 11:
* [http://samba.org/ftp/unpacked/junkcode/spamsum/ SpamSum]
* [http://samba.org/ftp/unpacked/junkcode/spamsum/ SpamSum]

Revision as of 13:17, 9 April 2007

Information icon.png

Please help to improve this article by expanding it.
Further information might be found on the discussion page.

Context Triggered Piecewise Hashing, also called Fuzzy Hashing, can match inputs that have homologies. Such inputs have sequences of identical bytes in the same order, although bytes in between these sequences may be different in both content and length.

CTPH was originally based on the work of Dr. Andrew Tridgell and a spam email detector called SpamSum. This method was adapted by Jesse Kornblum and published at the DFRWS conference in 2006 in a paper Identifying Almost Identical Files Using Context Triggered Piecewise Hashing.


  • ssdeep is a cross-platform CTPH client.

External Links