Jamie Acorn (2008) Forensics of BitTorrent.
Full text access: Open
The aim of this study was to identify forensic artefacts produced by BitTorrent file sharing and, specifically, to establish whether the artefacts could lead to identification of the files downloaded or the files shared. A further objective was to identify any artefacts that could determine the IP addresses of remote computers from which data was downloaded, or with which it was shared, during the test phase. The final aim was to test whether automated erasing software would delete the BitTorrent artefacts identified. The BitTorrent clients BitComet, uTorrent, Azureus, ABC, and BitTornado were chosen for testing, as these were determined to be the most "popular" at the time of this study. Each client was analysed with forensic software on generated image files and also in situ. The analysis demonstrated that it was possible to identify files that were currently being downloaded and files currently being shared. It was also possible to identify the amount of data that had been exchanged (i.e. uploaded or downloaded) for specific files. Some clients produced artefacts that revealed a complete record of the torrent files that had been downloaded and shared. Analysis also revealed that some clients stored the Internet Protocol (IP) addresses of remote computers with which they had connected when downloading or sharing specific files. The detail and forensic quality of the information identified varied between the clients tested. Finally, the CyberScrub Privacy Suite software (version 4.5) was found to successfully delete (beyond recovery) most of the BitTorrent artefacts identified. The program is designed specifically to delete "sensitive" information produced by the clients BitComet, uTorrent and Azureus.
This is a Published version. This version's date is: 15/01/2008. This item is peer reviewed.
https://repository.royalholloway.ac.uk/items/b3857527-37ee-d134-e6c2-409c75d2605a/1/
Deposited on 24-Jun-2010 in Royal Holloway Research Online. Last modified on 15-Dec-2010.