Tracking Contraband Files Transmitted Using Bittorrent

Document Type

Conference Proceeding

Publication Date



This paper describes a digital forensic tool that uses an FPGA-based embedded software application to identify and track contraband digital files shared using the BitTorrent protocol. The system inspects each packet on a network for a BitTorrent Handshake message, extracts the "info hash" of the file being shared, compares the hash against a list of known contraband files and, in the event of a match, adds the message to a log file for forensic analysis. Experiments demonstrate that the system is able to successfully capture and process BitTorrent Handshake messages with a probability of at least 99.0% under a network traffic load of 89.6 Mbps on a 100 Mbps network.


© IFIP International Federation for Information Processing 2009.

The "Link to Full Text" on this page opens the full paper in the SharedIt portal of SpringerNature. A download is available from that view.

Source Publication

Advances in Digital Forensics V. IFIP 306