ssdeep - Latest version 2.11


Quick Links

Introduction

ssdeep is a program for computing context triggered piecewise hashes (CTPH). Also called fuzzy hashes, CTPH can match inputs that have homologies. Such inputs have sequences of identical bytes in the same order, although bytes in between these sequences may be different in both content and length.

A complete explanation of CTPH can be found in Identifying almost identical files using context triggered piecewise hashing from the journal Digital Investigation. There is a free version of this paper available through the Digital Forensic Research Workshop conference, free version of Identifying almost identical files using context triggered piecewise hashing.

There are some usage scenarios in the Quickstart guide and the Forensics Wiki entry on ssdeep.

The package also includes a fuzzy hashing API. The API is documented in the file API.TXT in the Windows distribution and README in the source code package.

See Also

The math behind fuzzy hashing was originally developed by Dr. Andrew Trigdell in a spam dectector he called spamsum.

Supported Platforms

Microsoft Windows

The program runs on Microsoft Windows 2000, XP, 2003, and Vista. It is not supported on Windows 95, 98, Me, 3.1, 3.11, or 3.11 for Workgroups.

*nix

The program has been tested on Open Solaris, FreeBSD, Linux, and Mac OS X. It should compile and run on any other platform that is supported by the GNU Build Tools.

Download

Stable Version

The latest stable version of ssdeep is version 2.11 and was released on 11 Sep 2014 You can take a look at the complete changelog, but here are the changes in the latest version:

Version 2.11 11 Sep 2014 Windows binary SHA256 3b74deff08d97048bd49764ca5bfdbaa6d5d95dd4f7b6e21162561057471413e
source code SHA256 82cc0e06f44127fc5c9c507881951714981da6187cdcfed0158c9167f39effc7

Beta Version

There is no beta version of ssdeep right now. If you have any problems or would like to see something added to ssdeep, please send mail to the developer at research at) jessekornblum !dot) com or visit the Sourceforge project page .

Older Versions

Although older versions of ssdeep are available for historical purposes, you shouldn't use these unless you have a truly compelling reason.

Version Date Format Hash
2.10 17 Jul 2013 Windows binary SHA256 dc4350b6d0190d8149ac53454d9ffd458b08a8cd69b2c841c62700254c1916c7
source code SHA256 5b893b8059941476352fa1794c2839b2cc13bc2a09e2f2bb6dea4184217beddc
2.9 23 Jul 2012 Windows binary SHA256 15f7273ff232348294acc2e14dd68a2118844c0b4cd0c1938204fb2addcd731f
source code SHA256 5270297d315541d188b11047fc26c1d4269ef853a0cabb0d59ee8d9a327bf8aa
2.8 25 May 2012 Windows binary SHA256 73d71ab8cf705684fd40fd358f752345237a642e8978f3302d19cd0fa6f7567a
source code SHA256 93bd1c4abdc428f14c92f73ea8a75ad9fb728fffd16c38d8fadc3f631d8fc426
2.7 30 Sep 2011 Windows binary SHA256 da483426a1c887a5a425f689cb22c9040fb668559e6f0c3604237d820bb3b57b
source code SHA256 b76a60a8f96789895703316ed3b36d1f0c1f35be892d875b69b0a1f814472a36
2.6 28 Sep 2010 Windows binary SHA256 f18a0d80a265305004aefee377cb71ba74cebf22eb8809885403eaa0223aa9a3
source code SHA256 06e73821203e0148d0f302b00288fc4d1ad3a94d580a4222bf534b6515372756
2.5 6 May 2010 Windows binary SHA256 dbd700b4eeee564312109b8a01da41174f895bda5a4fef2edef2dfe3541d8d8d
source code SHA256 3fcee1b8e1116fa0d1dfaed8a6de9b26ffa3139323a41aaade29bfa80b069a14
2.4 25 Feb 2010 Windows binary SHA256 e7585136919bbbbed44ec2406f5045152d1da1e5eb8ec1b173af3fc9ff115438
source code SHA256 e374774c97599c8eb6cf83f2767437af0ea8b2a0f254ee86c10fc8a09a684435
2.3 10 Jan 2010 Windows binary SHA256 bb44a3ee8c4e2c5ada6da2f4500f93762852993e9c6e9779ddb12026cc541a45
source code SHA256 32a81cac4cc3509c1739cae5e1e3cd6764adda0f8d3ae8b40313e7fdfcb47f6d
2.2 22 Jul 2009 Windows binary SHA256 00cf0ecf78babca526cdcb8b1f245f5f4694def918e95ed7634e7b4b6fd17967
source code SHA256 9d17dfe29aad4cee8f91d9d1f28b2d1c27a4cae8b25cb23d6d89609ad4a8ee1b
2.1 1 Jan 2009 Windows binary SHA256 182b9f06299fdd9c2029be0e5dcabae193f5bc61f2da744d93f45c4f72ded692
source code SHA256 6bd39b604547813511094deb3c79e183c4906869bf23ac0d4a714ea43cf8ac15
2.0 2 Apr 2008 Windows binary SHA256 be93a7f288e2c798ae48234b2a05395035b2ade419b0c3da7acd909396a4b71c
source code SHA256 3fe8b8dea4ed52102f6cbcb00e7311ee1ccc19134d42f3525c10c8969543be58
1.1 14 Aug 2006 Windows binary SHA256 fb2390457b4a4ba7a63bb6c6f31da3e3d0001eede7e6344d7b60632747437166
source code SHA256 79aafa665aa4d79134c2f585674229ebe2306b77e9184fcc28b1d79de2161c44



License

The ssdeep program and its API are licensed under the terms of version 2 of the GNU General Public License.


About the developer

ssdeep was written by Jesse Kornblum of the ManTech International Corporation . Please send all correspondence to research *at jessekornblum .dot com.


Acknowledgements

Code for the threshold mode contributed by Jason Sherman. The testing of this program was made possible in part thanks to the generosity of the Computer Science Department at the University of Iowa.




SourceForge.net Logo