Journal's Facebook pageMethodology to Investigate BitTorrent Sync Protocol
- Computer Department, Kaunas University of Technology
Studentu st. 50, LT-51368, Kaunas, Lithuania
{algimantas.venckauskas,vacius.jusas, kestutis.paulikas, eugenijus.toldinas}@ktu.lt
Abstract
The BitTorrent Sync client application is the most progressive development in the BitTorrent family. Nevertheless, it can be used for the activities that draw the attention of the forensics invetigators. The BitTorrent Sync client application employs quite largely the encryption for sending data packages. The initiation of the activity is carried out in the plain text only. Therefore, we proposed the methodology that enables to capture the initiation step and to inform the forensics investigator, which then takes the reactive actions. The experiment was carried in two modes: 1) simulating of the use of the BitTorrent Sync application; 2) monitoring of real traffic on the Internet. During the monitoring, it is possible to calculate the public lookup SHA1 hash of the shared file. The comparison of the calculated hash with the list of publicly available hashes allows determination whether sharing of the file is legal or illegal. The presented methodology can be applied to any BitTorrent protocol.
Key words
BitTorrent protocol, forensics investigation, computer network, cybercrime
Digital Object Identifier (DOI)
https://doi.org/10.2298/CSIS160212032V
Publication information
Volume 14, Issue 1 (January 2017)
Year of Publication: 2017
ISSN: 2406-1018 (Online)
Publisher: ComSIS Consortium
Full text
Available in PDF
Portable Document Format
How to cite
Venčkauskas, A., Jusas, V., Paulikas, K., Toldinas, J.: Methodology to Investigate BitTorrent Sync Protocol. Computer Science and Information Systems, Vol. 14, No. 1, 197–218. (2017), https://doi.org/10.2298/CSIS160212032V
