Methodology to Investigate BitTorrent Sync Protocol

Algimantas Venčkauskas; Vacius Jusas; Kęstutis Paulikas; Jevgenijus Toldinas

Geodesic

Parcourir par

Methodology to Investigate BitTorrent Sync Protocol

Algimantas Venčkauskas ; Vacius Jusas ; Kęstutis Paulikas ; Jevgenijus Toldinas

Computer Science and Information Systems, Tome 14 (2017) no. 1.

Voir la notice de l'article provenant de la source Computer Science and Information Systems website

Résumé

The BitTorrent Sync client application is the most progressive development in the BitTorrent family. Nevertheless, it can be used for the activities that draw the attention of the forensics invetigators. The BitTorrent Sync client application employs quite largely the encryption for sending data packages. The initiation of the activity is carried out in the plain text only. Therefore, we proposed the methodology that enables to capture the initiation step and to inform the forensics investigator, which then takes the reactive actions. The experiment was carried in two modes: 1) simulating of the use of the BitTorrent Sync application; 2) monitoring of real traffic on the Internet. During the monitoring, it is possible to calculate the public lookup SHA1 hash of the shared file. The comparison of the calculated hash with the list of publicly available hashes allows determination whether sharing of the file is legal or illegal. The presented methodology can be applied to any BitTorrent protocol.

Keywords: BitTorrent protocol, forensics investigation, computer network, cybercrime

@article{CSIS_2017_14_1_a10,
     author = {Algimantas Ven\v{c}kauskas and Vacius Jusas and K\k{e}stutis Paulikas and Jevgenijus Toldinas},
     title = {Methodology to {Investigate} {BitTorrent} {Sync} {Protocol}},
     journal = {Computer Science and Information Systems},
     publisher = {mathdoc},
     volume = {14},
     number = {1},
     year = {2017},
     url = {http://geodesic.mathdoc.fr/item/CSIS_2017_14_1_a10/}
}

TY  - JOUR
AU  - Algimantas Venčkauskas
AU  - Vacius Jusas
AU  - Kęstutis Paulikas
AU  - Jevgenijus Toldinas
TI  - Methodology to Investigate BitTorrent Sync Protocol
JO  - Computer Science and Information Systems
PY  - 2017
VL  - 14
IS  - 1
PB  - mathdoc
UR  - http://geodesic.mathdoc.fr/item/CSIS_2017_14_1_a10/
ID  - CSIS_2017_14_1_a10
ER  -

%0 Journal Article
%A Algimantas Venčkauskas
%A Vacius Jusas
%A Kęstutis Paulikas
%A Jevgenijus Toldinas
%T Methodology to Investigate BitTorrent Sync Protocol
%J Computer Science and Information Systems
%D 2017
%V 14
%N 1
%I mathdoc
%U http://geodesic.mathdoc.fr/item/CSIS_2017_14_1_a10/
%F CSIS_2017_14_1_a10

Algimantas Venčkauskas; Vacius Jusas; Kęstutis Paulikas; Jevgenijus Toldinas. Methodology to Investigate BitTorrent Sync Protocol. Computer Science and Information Systems, Tome 14 (2017) no. 1. http://geodesic.mathdoc.fr/item/CSIS_2017_14_1_a10/