Research Paper - Torrent
I am currently working on a research paper on forensically reviewing bittorrent artefacts, however I would like to push the ball a bit further and ask my peers what they would think is good to include in the research and experiment, so to say what the need in the community is?
I appreciate the help
- Velandra
If the scope is as you have put it, you obviously are going to include *all* artifacts: from installation, via upload and download use (in different modes), through to uninstall, and for all 'bittorrent' that exist -- or at least major releases of them.
Nothing of that can be uninteresting.
If anything might be of special interest, I would at a stretch suggest analyzing sector (or cluster) hashes to identify any hashes that point strongly to the examined binaries. Or strings or other byte sequences that would be strongly indicative of the examined software. Or perhaps look at fuzzy hashing over binary files of different release versions, to get an idea of how well a fuzzy hash for version 1.0 matches versions 1.x or even 2.0.
However, if you are placing any restrictions on the research, it would be useful to know that first. Useless to suggest comparing multiple versions if you only plan to examine one, for example.
- Senior Member
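
The sector-hash idea suggested in the reply above, sketched as an added example that is not part of the original thread: hash each sector of a reference client binary, then scan an image for sectors with the same hash, so that fragments of a deleted or partly overwritten binary can still be attributed. The 512-byte sector size, the 16-distinct-byte filter and the sample "binary" and "image" are assumptions constructed for illustration.

```python
import hashlib

SECTOR = 512  # assumed sector size; use the cluster size for cluster hashes

def sector_hashes(data, size=SECTOR):
    """Map SHA-256 of each full, non-trivial sector of a reference binary to its offsets."""
    table = {}
    for off in range(0, len(data) - size + 1, size):
        block = data[off:off + size]
        if len(set(block)) < 16:  # skip padding-like blocks that would match everywhere
            continue
        table.setdefault(hashlib.sha256(block).digest(), []).append(off)
    return table

def scan_image(image, table, size=SECTOR):
    """Return (image_offset, reference_offset) for each image sector found in the table."""
    hits = []
    for off in range(0, len(image) - size + 1, size):
        digest = hashlib.sha256(image[off:off + size]).digest()
        if digest in table:
            hits.append((off, table[digest][0]))
    return hits

def coverage(hits, table):
    """Fraction of the reference binary's distinct sectors seen in the image."""
    found = {ref for _, ref in hits}
    return len(found) / len(table) if table else 0.0

def build_sample():
    """Constructed data: a stand-in 'client binary' and an image holding a fragment of it."""
    binary = hashlib.shake_256(b"constructed reference binary").digest(8 * SECTOR)
    filler = hashlib.shake_256(b"unrelated data").digest(4 * SECTOR)
    # Image layout: unrelated data, reference sectors 2..5 (a surviving fragment), zeroed space
    image = filler + binary[2 * SECTOR:6 * SECTOR] + bytes(2 * SECTOR)
    return binary, image

if __name__ == "__main__":
    binary, image = build_sample()
    table = sector_hashes(binary)
    hits = scan_image(image, table)
    for img_off, ref_off in hits:
        print(f"image sector {img_off // SECTOR} matches reference sector {ref_off // SECTOR}")
    print(f"coverage of reference binary: {coverage(hits, table):.0%}")
```

Sectors that are common to many programs (shared library code, resource tables) would also need filtering against a corpus of unrelated binaries before a match is treated as indicative of one client.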