Forensics of BitTorrent

Jamie Acorn

(2008)


Abstract

The aim of this study was to identify forensic artefacts produced by BitTorrent file sharing and, specifically, to establish whether the artefacts could lead to identification of the files downloaded or the files shared. A further objective was to identify any artefacts that could determine the IP addresses of remote computers from which data was downloaded, or with which data was shared, during the test phase. The final aim was to test whether automated erasing software would delete the BitTorrent artefacts identified. The BitTorrent clients BitComet, uTorrent, Azureus, ABC, and BitTornado were chosen for testing, as these were determined to be the most "popular" at the time of this study. Each client was analysed with forensic software on generated image files and also in situ. The analysis demonstrated that it was possible to identify files that were currently being downloaded and files currently being shared. It was also possible to identify the amount of data that had been exchanged, i.e. uploaded or downloaded, for specific files. Some clients produced artefacts that revealed a complete record of the torrent files that had been downloaded and shared. Analysis also revealed that some clients stored the Internet Protocol (IP) addresses of remote computers with which they had connected when downloading or sharing specific files. The detail and forensic quality of the information identified varied between the clients tested. Finally, the CyberScrub Privacy Suite software (version 4.5) was found to successfully delete (beyond recovery) most of the BitTorrent artefacts identified. The program is designed specifically to delete "sensitive" information produced by the clients BitComet, uTorrent and Azureus.

Information about this Version

This is a Published version
This version's date is: 15/01/2008
This item is peer reviewed

Link to this Version

https://repository.royalholloway.ac.uk/items/b3857527-37ee-d134-e6c2-409c75d2605a/1/

Item Type: Monograph (Technical Report)
Title: Forensics of BitTorrent
Authors: Acorn, Jamie
Departments: Faculty of Science\Mathematics

Deposited on 24-Jun-2010 in Royal Holloway Research Online. Last modified on 15-Dec-2010.
