A Methodology and Tool for Investigation of Artifacts Left by the BitTorrent Client

The BitTorrent client application is a popular utility for sharing large files over the Internet. Sometimes, this powerful utility is used to commit cybercrimes, like sharing of illegal material or illegal sharing of legal material. In order to help forensics investigators to fight against these cyb...

Full description

Saved in:
Bibliographic Details
Published in:Symmetry (Basel) 2016, Vol.8 (6), p.40-40
Main Authors: Venckauskas, Algimantas, Jusas, Vacius, Paulikas, Kestutis, Toldinas, Jevgenijus
Format: Article
Language:English
Subjects:
BitTorrent protocol
Computer information security
Crime
cybercrime
Forensic engineering
forensics investigation
Illegal
Methodology
Utilities
XML
XML format
Citations: Items that this one cites
Items that cite this one
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:The BitTorrent client application is a popular utility for sharing large files over the Internet. Sometimes, this powerful utility is used to commit cybercrimes, like sharing of illegal material or illegal sharing of legal material. In order to help forensics investigators to fight against these cybercrimes, we carried out an investigation of the artifacts left by the BitTorrent client. We proposed a methodology to locate the artifacts that indicate the BitTorrent client activity performed. Additionally, we designed and implemented a tool that searches for the evidence left by the BitTorrent client application in a local computer running Windows. The tool looks for the four files holding the evidence. The files are as follows: *.torrent, dht.dat, resume.dat, and settings.dat. The tool decodes the files, extracts important information for the forensic investigator and converts it into XML format. The results are combined into a single result file.
ISSN:2073-8994
2073-8994
DOI:10.3390/sym8060040