文章基本信息

标题：Methodology to investigate BitTorrent sync protocol
本地全文：下载
作者：Venčkauskas, Algimantas ; Jusas, Vacius ; Paulikas, Kęstutis 等
期刊名称：Computer Science and Information Systems
印刷版ISSN：1820-0214
电子版ISSN：2406-1018
出版年度：2017
卷号：14
期号：1
页码：197-218
出版社：ComSIS Consortium
摘要：The BitTorrent Sync client application is the most progressive development in the BitTorrent family. Nevertheless, it can be used for the activities that draw the attention of the forensics invetigators. The BitTorrent Sync client application employs quite largely the encryption for sending data packages. The initiation of the activity is carried out in the plain text only. Therefore, we proposed the methodology that enables to capture the initiation step and to inform the forensics investigator, which then takes the reactive actions. The experiment was carried in two modes: 1) simulating of the use of the BitTorrent Sync application; 2) monitoring of real traffic on the Internet. During the monitoring, it is possible to calculate the public lookup SHA1 hash of the shared file. The comparison of the calculated hash with the list of publicly available hashes allows determination whether sharing of the file is legal or illegal. The presented methodology can be applied to any BitTorrent protocol.
关键词：BitTorrent protocol; forensics investigation; computer network; cyber crime