November 2019
Intermediate to advanced
346 pages
9h 36m
English
The basic idea behind ssdeep is to combine a number of traditional hashes whose boundaries are determined by the context of the input. This collection of hashes can then be used to identify modified versions of known files even when they have been modified by insertion, modification, or deletion.
For our recipe, we began by creating a set of four test strings meant as a toy example to illustrate how changes in a string will affect its similarity measures (step 1). The first, str1, is simply the first sentence of Lorem Ipsum. The second string, str2, differs in the capitalization of m in magna. The third string, str3, is missing the word magna altogether. Finally, the fourth string is an entirely different string. Our next ...