Tracking Contraband Files Transmitted Using Bittorrent
Document Type
Conference Proceeding
Publication Date
2009
Abstract
This paper describes a digital forensic tool that uses an FPGA-based embedded software application to identify and track contraband digital files shared using the BitTorrent protocol. The system inspects each packet on a network for a BitTorrent Handshake message, extracts the "info hash" of the file being shared, compares the hash against a list of known contraband files and, in the event of a match, adds the message to a log file for forensic analysis. Experiments demonstrate that the system is able to successfully capture and process BitTorrent Handshake messages with a probability of at least 99.0% under a network traffic load of 89.6 Mbps on a 100 Mbps network.
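The pipeline the abstract describes (find the Handshake message, extract the info hash, check it against a list, log matches), as an added software sketch that is not code from the paper. It uses the standard 68-byte BitTorrent handshake layout and assumes a plaintext handshake at the start of a TCP payload; the function names, packets, addresses, peer ids and hashes are constructed for illustration.

```python
import hashlib

PSTR = b"BitTorrent protocol"
# pstrlen (1) + pstr (19) + reserved (8) + info_hash (20) + peer_id (20) = 68 bytes
HANDSHAKE_LEN = 1 + len(PSTR) + 8 + 20 + 20

def parse_handshake(payload: bytes):
    """Return (info_hash, peer_id) if payload begins with a plaintext handshake, else None."""
    if len(payload) < HANDSHAKE_LEN:
        return None                      # truncated or unrelated short segment
    if payload[0] != len(PSTR) or payload[1:20] != PSTR:
        return None                      # not a BitTorrent handshake
    return payload[28:48], payload[48:68]

def scan(packets, watchlist):
    """Log every handshake whose info hash is on the watchlist.
    packets: iterable of (timestamp, src, dst, tcp_payload)."""
    log = []
    for ts, src, dst, payload in packets:
        parsed = parse_handshake(payload)
        if parsed and parsed[0] in watchlist:
            log.append({"time": ts, "src": src, "dst": dst,
                        "info_hash": parsed[0].hex(),
                        "peer_id": parsed[1].decode("latin-1")})
    return log

def make_handshake(info_hash: bytes, peer_id: bytes) -> bytes:
    """Build a constructed handshake for the sample traffic below."""
    return bytes([len(PSTR)]) + PSTR + bytes(8) + info_hash + peer_id

# Constructed sample data: hashes, peer ids and addresses are made up.
WATCHED = hashlib.sha1(b"constructed watched torrent").digest()
OTHER = hashlib.sha1(b"constructed unrelated torrent").digest()
WATCHLIST = {WATCHED}
SAMPLE_PACKETS = [
    (1.00, "192.0.2.10:51413", "198.51.100.7:6881", make_handshake(OTHER, b"-XX0001-aaaaaaaaaaaa")),
    (1.25, "192.0.2.11:40000", "198.51.100.9:80", b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    (1.50, "192.0.2.12:51500", "198.51.100.7:6881", make_handshake(WATCHED, b"-XX0001-bbbbbbbbbbbb")),
    # Handshake cut off mid-hash: must be rejected, not matched on a partial hash.
    (1.75, "192.0.2.12:51501", "198.51.100.7:6881", make_handshake(WATCHED, b"-XX0001-cccccccccccc")[:40]),
]

if __name__ == "__main__":
    for record in scan(SAMPLE_PACKETS, WATCHLIST):
        print(record)
```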
Source Publication
Advances in Digital Forensics V. IFIP 306
Recommended Citation
Schrader K., Mullins B., Peterson G., Mills R. (2009) Tracking Contraband Files Transmitted Using Bittorrent. In: Peterson G., Shenoi S. (eds) Advances in Digital Forensics V. DigitalForensics 2009. IFIP Advances in Information and Communication Technology, vol 306, pp. 159-173. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-04155-6_12
Comments
© IFIP International Federation for Information Processing 2009.
The "Link to Full Text" on this page opens the full paper in the SharedIt portal of SpringerNature. A download is available from that view.