Article
BitTorrent Sync: First Impressions and Digital Forensic Implications
Contribution Summary
This paper presents a comprehensive analysis of BitTorrent Sync, a decentralized file synchronization service that has gained popularity as an alternative to cloud-based services. The authors conduct a forensic analysis of the client application, its behavior, and artefacts created during installation and use. They examine the network traffic and file I/O interactions used in the synchronization process, providing valuable insights for digital forensic investigators. The study highlights the importance of understanding BitTorrent Sync and its implications for future investigations, particularly in cases involving industrial espionage, copyright infringement, and other crimes. The authors' findings provide a foundation for further research and development of digital forensic techniques for analyzing BitTorrent Sync and other decentralized file synchronization services.
Keywords: BitTorrent Sync; Digital Forensics; Decentralized File Synchronization; Peer-to-Peer; Network Traffic Analysis; File I/O Interactions; Digital Investigations; Cloud Alternatives
Abstract
With professional and home Internet users becoming increasingly concerned with data protection and privacy, the privacy afforded by popular cloud file synchronisation services, such as Dropbox, OneDrive and Google Drive, is coming under scrutiny in the press. A number of these services have recently been reported as sharing information with governmental security agencies without warrants. BitTorrent Sync is seen as an alternative by many and has gathered over two million users by December 2013 (doubling since the previous month). The service is completely decentralised, offers much of the same synchronisation functionality of cloud powered services and utilises encryption for data transmission (and optionally for remote storage). The importance of understanding BitTorrent Sync and its resulting digital investigative implications for law enforcement and forensic investigators will be paramount to future investigations. This paper outlines the client application, its detected network traffic and identifies artefacts that may be of value as evidence for future digital investigations.
BibTeX
@article{Farina2014S77,
title = "BitTorrent Sync: First Impressions and Digital Forensic Implications",
journal = "Digital Investigation",
volume = "11, Supplement 1",
number = "1",
pages = "S77-S86",
year = 2014,
month = 03,
note = "Proceedings of the First Annual {DFRWS} Europe",
issn = "1742-2876",
doi = "10.1016/j.diin.2014.03.010",
url = "http://www.sciencedirect.com/science/article/pii/S1742287614000152",
author = "Farina, Jason and Scanlon, Mark and Kechadi, M-Tahar",
keywords = "BitTorrent, Sync, Peer-to-Peer, Synchronisation, Privacy, Digital forensics",
abstract="With professional and home Internet users becoming increasingly concerned with data protection and privacy, the privacy afforded by popular cloud file synchronisation services, such as Dropbox, OneDrive and Google Drive, is coming under scrutiny in the press. A number of these services have recently been reported as sharing information with governmental security agencies without warrants. BitTorrent Sync is seen as an alternative by many and has gathered over two million users by December 2013 (doubling since the previous month). The service is completely decentralised, offers much of the same synchronisation functionality of cloud powered services and utilises encryption for data transmission (and optionally for remote storage). The importance of understanding BitTorrent Sync and its resulting digital investigative implications for law enforcement and forensic investigators will be paramount to future investigations. This paper outlines the client application, its detected network traffic and identifies artefacts that may be of value as evidence for future digital investigations."
}