Tracking Contraband Files Transmitted Using Bittorrent

Authors

Karl R. Schrader, Air Force Institute of Technology
Barry E. Mullins, Air Force Institute of TechnologyFollow
Gilbert L. Peterson, Air Force Institute of TechnologyFollow
Robert F. Mills, Air Force Institute of TechnologyFollow

Document Type

Conference Proceeding

Publication Date

2009

Abstract

This paper describes a digital forensic tool that uses an FPGA-based embedded software application to identify and track contraband digital files shared using the BitTorrent protocol. The system inspects each packet on a network for a BitTorrent Handshake message, extracts the "info hash" of the file being shared, compares the hash against a list of known contraband files and, in the event of a match, adds the message to a log file for forensic analysis. Experiments demonstrate that the system is able to successfully capture and process BitTorrent Handshake messages with a probability of at least 99.0% under a network traffic load of 89.6 Mbps on a 100 Mbps network.

Comments

© IFIP International Federation for Information Processing 2009.

The "Link to Full Text" on this page opens the full paper in the SharedIt portal of SpringerNature. A download is available from that view.

DOI

10.1007/978-3-642-04155-6_12

Source Publication

Advances in Digital Forensics V. IFIP 306

Recommended Citation

Schrader K., Mullins B., Peterson G., Mills R. (2009) Tracking Contraband Files Transmitted Using Bittorrent. In: Peterson G., Shenoi S. (eds) Advances in Digital Forensics V. DigitalForensics 2009. IFIP Advances in Information and Communication Technology, vol 306, pp. 159-173. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-04155-6_12