Research Paper - Torrent


Posted: Thu Jan 12, 2012 7:51 am

Hi guys

I am currently working on a research paper on forensically reviewing bittorrent artefacts, however I would like to push the ball a bit further and ask my peers what they would think is good to include in the research and experiment, so to say what the need in the community is?

I appreciate the help  

Velandra
Newbie
 
 
  

Re: Research Paper - Torrent

Posted: Thu Jan 12, 2012 12:07 pm

- Velandra
I am currently working on a research paper on forensically reviewing bittorrent artefacts, however I would like to push the ball a bit further and ask my peers what they would think is good to include in the research and experiment, so to say what the need in the community is?


If the scope is as you have put it, you obviously are going to include *all* artifacts: from installation, via upload and download use (in different modes), through to uninstall, and for all 'bittorrent' that exist -- or at least major releases of them.

Nothing of that can be uninteresting.

If anything might be of special interest, I would at a stretch suggest analyzing sector (or cluster) hashes to identify any hashes that point strongly to the examined binaries. Or strings or other byte sequences that would be strongly indicative of the examined software. Or perhaps look at fuzzy hashing over binary files of different release versions, to get an idea of how well a fuzzy hash for version 1.0 matches versions 1.x or even 2.0.

However, if you are placing any restrictions on the research, it would be useful to know that first. Useless to suggest comparing multiple versions if you only plan to examine one, for example.  

athulin
Senior Member
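
The sector-hash idea raised in the reply above, sketched as an added example that is not part of the original thread: hash a known binary per sector, drop hashes that also occur in other software, then scan an image for what remains. The 512-byte sector size, the function names and all sample data are assumptions constructed for illustration.

```python
import hashlib

SECTOR = 512  # assumed sector size; pass the cluster size (e.g. 4096) for cluster hashes

def block_hashes(data, size=SECTOR):
    """Return {sha256: first offset} for every full block of `data`.
    Blocks made of one repeated byte (zero fill, padding) are skipped:
    they occur on almost any disk and indicate nothing."""
    out = {}
    for off in range(0, len(data) - size + 1, size):
        block = data[off:off + size]
        if len(set(block)) > 1:
            out.setdefault(hashlib.sha256(block).hexdigest(), off)
    return out

def distinctive_hashes(target, baseline_files, size=SECTOR):
    """Keep only block hashes of `target` that appear in none of the baseline files."""
    hashes = block_hashes(target, size)
    for other in baseline_files:
        for h in block_hashes(other, size):
            hashes.pop(h, None)
    return hashes

def scan_image(image, reference, size=SECTOR):
    """Return [(image_offset, offset_in_target)] for sectors whose hash is in `reference`."""
    hits = []
    for off in range(0, len(image) - size + 1, size):
        h = hashlib.sha256(image[off:off + size]).hexdigest()
        if h in reference:
            hits.append((off, reference[h]))
    return hits

def fake_bytes(seed, n):
    """Deterministic filler used to build the constructed samples below."""
    parts = [hashlib.sha256(f"{seed}:{i}".encode()).digest() for i in range(n // 32 + 1)]
    return b"".join(parts)[:n]

# Constructed sample data, not real client binaries or a real disk image.
shared_lib = fake_bytes("runtime", 1024)                       # code also shipped in other software
client = fake_bytes("client", 1536) + shared_lib + bytes(512)  # hypothetical client binary
other_app = fake_bytes("other", 1024) + shared_lib             # baseline: unrelated program
# Image: unrelated data, then a remnant of the client whose first two sectors were overwritten.
image = fake_bytes("disk", 2048) + client[1024:] + fake_bytes("tail", 512)

reference = distinctive_hashes(client, [other_app])
hits = scan_image(image, reference)
if __name__ == "__main__":
    print(f"{len(reference)} distinctive sectors, {len(hits)} found in image")
    for img_off, bin_off in hits:
        print(f"image offset {img_off:#x} matches binary offset {bin_off:#x}")
```

The shared-library and zero-filled sectors of the remnant produce no hits, which is the point of filtering: only sectors that occur in the examined binary and not in the baseline are counted as indicative.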
 
 