
Shareaza Downloads

2 Posts
2 Users
0 Likes
1,558 Views
(@olifer)
Posts: 63
Trusted Member
Topic starter
 

In examining the .partial downloads located on a computer where the suspect is using Shareaza, the file creation dates and last modification dates are all different from each other, as expected. While looking at the completed downloads, which now of course have viewable titles, the creation date and times and last modification date and times are all equal within each video. Does that mean that once the partial is now complete and the file is "reassembled" on the computer that the creation date and time stamp of the completed download is reflecting when the download itself actually began?

 
Posted : 15/10/2016 12:04 am
(@athulin)
Posts: 1156
Noble Member
 

Does that mean that once the partial is now complete and the file is "reassembled" on the computer that the creation date and time stamp of the completed download is reflecting when the download itself actually began?

That conclusion does not seem to be warranted by the facts you have stated. At best, it may be a hypothesis that needs additional investigation. If you have additional facts, you may want to state them.

Some reasons why the hypothesis may be incorrect: there may be variations in how Shareaza behaves in different releases. And there might be configuration settings that modify timestamp behaviour (easily checked, probably). Any Shareaza addons may modify behaviour. There may be differences in P2P network support (i.e. Gnutella, eDonkey, BitTorrent, and perhaps one or two more) – is time stamp treatment independent of protocol used, or not? And perhaps also more special things like if the partials are stored on the same volume as the finals or not? Does it matter if sharing downloads is enabled or not? Is client status relevant? (I hope it's clear that I'm not basing this on any deep knowledge of Shareaza in particular, just on things I've seen other file-transferring software do or allow.)

Best thing is probably to test Shareaza yourself, and model the testbed on the situation you are looking at (release, configuration, addons, …). You probably already know you can find many old versions at sites such as www.oldversions.com, for example, though you probably need to verify that you are using the real thing, and not some malware-infected stuff. Looks like most of it is available on SourceForge. Or perhaps you can find the installation file on the target computer in case *it* isn't an original.

I would probably use Process Monitor or a similar tool to see what file-related system calls are made during different downloads as well as while putting the parts together, and especially if the final file is the target of any set-timestamp call, and if so, if there are any get-file-timestamp calls from where the timestamp(s) may be retrieved.

Of course, examining the source code would possibly be even better, as you won't need to rely on configuration differences. (See SourceForge for source code)

 
Posted : 15/10/2016 12:50 pm
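The Process Monitor check suggested in the reply above, as an added example that is not part of the thread: it scans a trace exported to CSV for set-timestamp calls made by the client and pairs each with earlier timestamp queries that returned the same value. It assumes Process Monitor's default export columns and a `Key: value, Key: value` layout in the Detail column; the sample rows, paths and PIDs are constructed and say nothing about what Shareaza actually does.

```python
import csv
import io

# Constructed rows in Process Monitor's default CSV export columns. Paths, PIDs and
# times are made up; they do not record how any Shareaza release actually behaves.
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"12:40:01.10","Shareaza.exe","4242","WriteFile","C:\Incomplete\abc.partial","SUCCESS","Offset: 0, Length: 4096"
"12:40:02.20","Shareaza.exe","4242","QueryBasicInformationFile","C:\Incomplete\abc.partial","SUCCESS","CreationTime: 10/14/2016 11:04:00 PM, LastAccessTime: 10/15/2016 12:40:01 AM, LastWriteTime: 10/15/2016 12:40:01 AM"
"12:40:02.30","Shareaza.exe","4242","SetRenameInformationFile","C:\Incomplete\abc.partial","SUCCESS","ReplaceIfExists: False, FileName: C:\Downloads\video.avi"
"12:40:02.40","Shareaza.exe","4242","SetBasicInformationFile","C:\Downloads\video.avi","SUCCESS","CreationTime: 10/14/2016 11:04:00 PM, LastAccessTime: 10/14/2016 11:04:00 PM, LastWriteTime: 10/14/2016 11:04:00 PM"
"12:40:03.00","explorer.exe","1200","SetBasicInformationFile","C:\Downloads\other.txt","SUCCESS","CreationTime: 10/15/2016 12:40:03 AM"
'''

STAMPS = ("CreationTime", "LastAccessTime", "LastWriteTime")


def parse_detail(detail):
    """Split a Detail cell of the form 'Key: value, Key: value' into a dict."""
    fields = {}
    for part in detail.split(", "):
        key, sep, value = part.partition(": ")
        if sep:
            fields[key.strip()] = value.strip()
    return fields


def timestamp_trail(csv_text, process_name="Shareaza.exe"):
    """List each set-timestamp call by the process, with earlier queries that returned the same values."""
    queries, renamed_from, findings = [], {}, []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["Process Name"].lower() != process_name.lower():
            continue
        op, path, detail = row["Operation"], row["Path"], parse_detail(row["Detail"])
        if op == "QueryBasicInformationFile":
            queries.append((path, detail))
        elif op == "SetRenameInformationFile" and "FileName" in detail:
            # Remember which partial a final file name came from.
            renamed_from[detail["FileName"].lower()] = path
        elif op == "SetBasicInformationFile":
            values = {detail[k] for k in STAMPS if k in detail}
            sources = [(p, k) for p, d in queries for k in STAMPS if d.get(k) in values]
            findings.append({"target": path,
                             "renamed_from": renamed_from.get(path.lower()),
                             "set": {k: detail[k] for k in STAMPS if k in detail},
                             "possible_sources": sources})
    return findings
```

An empty `possible_sources` list for a completed file means the value being set was not read from any file the process queried during the trace, so its origin has to be looked for elsewhere.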