±Forensic Focus Partners

Become an advertising partner

±Your Account


Username
Password

Forgotten password/username?

Site Members:

New Today: 0 Overall: 35755
New Yesterday: 1 Visitors: 160

±Follow Forensic Focus

Forensic Focus Facebook PageForensic Focus on TwitterForensic Focus LinkedIn GroupForensic Focus YouTube Channel

RSS feeds: News Forums Articles

±Latest Articles

±Latest Videos

±Latest Jobs

Examination of Azureus/Vuze Config files

Computer forensics discussion. Please ensure that your post is not better suited to one of the forums below (if it is, please post it there instead!)
Reply to topicReply to topic Printer Friendly Page
Forum FAQSearchView unanswered posts
 
  

Omnius
Member
 

Examination of Azureus/Vuze Config files

Post Posted: Apr 03, 19 07:28

Heya,

I've got a case in which the user has been using Vuze to download illegal material on OSX Darwin. I've been able to parse the majority of the config files using the Bencode-Editor but having trouble discerning exactly what each line refers to.

Here's an excerpt of an entry in the 'dlhistoryd.config' file,:

Code:
ITEM 2(d)[8]
a (i)= 1496354382290
c (i)= 1496359020063
h (b)[20]= Garbled code
n (b)[75]= Torrent name
r (i)= 1496360193881
s (b)[124]= Path to File
u (i)= 4888314154609278976
z (i)= 368915498

I've located the downloaded file and taken a stab at what each line means:

a (i)= Unix Time Stamp - Creation Date / Download Start
c (i)= Unix Time Stamp - Modified Date / Download Finished
h (b)[20]= Possibly a hash value? Shows as gibberish in Bencode Editor / X-Ways
n (b)[75]= Torrent name
r (i)= Unix Time Stamp - Last Accessed?
s (b)[124]= Path to File
u (i)= Another time stamp? Unable to match it to any standardised 19-digit Epoch times I was able to find. Minus values are also present.
z (i)= File Size in Bytes


Anyone worked on a Vuze case that can enlighten me? I plan on performing a test myself, but time does not allow for it in this instance.  
 
  

watcher
Senior Member
 

Re: Examination of Azureus/Vuze Config files

Post Posted: Apr 03, 19 19:15

- Omnius
I've got a case in which the user has been using Vuze to download illegal material on OSX Darwin. I...


Vuze was a rename some time back from Azureus. On my Linux machine, all the logs and history information for Vuze is contained in the hidden directory of ".azureus", note the leading dot.

I don't know what OSX does, but you might want to take a quick look.  
 
  

Omnius
Member
 

Re: Examination of Azureus/Vuze Config files

Post Posted: Apr 04, 19 11:48

- watcher
- Omnius
I've got a case in which the user has been using Vuze to download illegal material on OSX Darwin. I...


Vuze was a rename some time back from Azureus. On my Linux machine, all the logs and history information for Vuze is contained in the hidden directory of ".azureus", note the leading dot.

I don't know what OSX does, but you might want to take a quick look.


Cheers for replying! Unfortunately I'm unable to locate such a directory within X-Ways.

I can at least confirm the download start/finish times with what I've gotten so far.  
 

Page 1 of 1