±Forensic Focus Partners
New Today: 0
New Yesterday: 0
· Extracting data from dump of mobile devices running Android operating system
· Development of Digital Forensic Tools on Mobile Device, a Potential Area to Consider?
· Can You Get That License Plate?
· How To Decrypt WeChat EnMicroMsg.db Database?
· A guide to RegRipper and the art of timeline building
· Recovering Evidence from SSD Drives in 2014: Understanding TRIM, Garbage Collection and Exclusions
· FT Cyber Security Summit 2014 – Recap
· Why Offender Profiling is Changing Thanks to Mobile Forensics and Increasingly ‘Social’ Criminal Activity
· Understanding Cyber Bullying – Notes for Digital Forensics Examiners
±Follow Forensic Focus
Research Paper - Torrent
I am currently working on a research paper on forensically reviewing bittorrent artefacts, however I would like to push the ball a bit furhter and ask my peers what they would think is good to include in the research and experiment, so to say what the need in the community is?
I appreciate the help
- VelandraI am currently working on a research paper on forensically reviewing bittorrent artefacts, however I would like to push the ball a bit furhter and ask my peers what they would think is good to include in the research and experiment, so to say what the need in the community is?
If the scope is as you have put it, you obviously are going to include *all* artifacts: from installation, via upload and download use (in different modes), through to uninstall, and for all 'bittorrent' that exist -- or at least major releases of them.
Nothing of that can be uninteresting.
If anything might be of special interest, I would at a stretch suggest analyzing sector (or cluster) hashes to identify any hashes that point stringly to the examined binaries. Or strings or other byte sequences that would be strongly indicative of the examined software. Or perhaps look at fuzzy hashing over binary files of different release versions, to get an idea of how well a fuzzy hash for version 1.0 matches versions 1.x or even 2.0.
However, if you are placing any restrictions on the research, it would be useful to know that first. Useless to suggest comparing multiple versions if you only plan to examine one, for example.
- Senior Member