±Your Account
Membership:
New Today: 0
New Yesterday: 4
Overall: 24209
Visitors: 81±Latest Webinar
±Latest Articles
· Android Forensics
· Geo-tagging & Photo Tracking On iOS
· KS – an open source bash script for indexing data
· Mobile Device Geotags & Armed Forces
· Categorization of embedded system forensic collection methodologies
· Interpretation of NTFS Timestamps
· What are ‘gdocs’? Google Drive Data – part 2
· What are ‘gdocs’? Google Drive Data
· Bad Sector Recovery
· Forensic Artifact: Malware Analysis in Windows 8
· Geo-tagging & Photo Tracking On iOS
· KS – an open source bash script for indexing data
· Mobile Device Geotags & Armed Forces
· Categorization of embedded system forensic collection methodologies
· Interpretation of NTFS Timestamps
· What are ‘gdocs’? Google Drive Data – part 2
· What are ‘gdocs’? Google Drive Data
· Bad Sector Recovery
· Forensic Artifact: Malware Analysis in Windows 8
±Follow Us
±Latest Jobs
Back to top
Skip to content
Skip to menu
Back to top
Back to main
Skip to menu
If the scope is as you have put it, you obviously are going to include *all* artifacts: from installation, via upload and download use (in different modes), through to uninstall, and for all 'bittorrent' that exist -- or at least major releases of them.
Nothing of that can be uninteresting.
If anything might be of special interest, I would at a stretch suggest analyzing sector (or cluster) hashes to identify any hashes that point stringly to the examined binaries. Or strings or other byte sequences that would be strongly indicative of the examined software. Or perhaps look at fuzzy hashing over binary files of different release versions, to get an idea of how well a fuzzy hash for version 1.0 matches versions 1.x or even 2.0.
However, if you are placing any restrictions on the research, it would be useful to know that first. Useless to suggest comparing multiple versions if you only plan to examine one, for example.
Research Paper - Torrent
Research Paper - Torrent
Posted: Thu Jan 12, 2012 7:51 am
Hi guys
I am currently working on a research paper on forensically reviewing bittorrent artefacts, however I would like to push the ball a bit furhter and ask my peers what they would think is good to include in the research and experiment, so to say what the need in the community is?
I appreciate the help
I am currently working on a research paper on forensically reviewing bittorrent artefacts, however I would like to push the ball a bit furhter and ask my peers what they would think is good to include in the research and experiment, so to say what the need in the community is?
I appreciate the help
-
Velandra - Newbie
Re: Research Paper - Torrent
Posted: Thu Jan 12, 2012 12:07 pm
- VelandraI am currently working on a research paper on forensically reviewing bittorrent artefacts, however I would like to push the ball a bit furhter and ask my peers what they would think is good to include in the research and experiment, so to say what the need in the community is?
If the scope is as you have put it, you obviously are going to include *all* artifacts: from installation, via upload and download use (in different modes), through to uninstall, and for all 'bittorrent' that exist -- or at least major releases of them.
Nothing of that can be uninteresting.
If anything might be of special interest, I would at a stretch suggest analyzing sector (or cluster) hashes to identify any hashes that point stringly to the examined binaries. Or strings or other byte sequences that would be strongly indicative of the examined software. Or perhaps look at fuzzy hashing over binary files of different release versions, to get an idea of how well a fuzzy hash for version 1.0 matches versions 1.x or even 2.0.
However, if you are placing any restrictions on the research, it would be useful to know that first. Useless to suggest comparing multiple versions if you only plan to examine one, for example.
-
athulin - Senior Member