Inbook

Forensic Analysis and Remote Evidence Recovery from Syncthing: An Open Source Decentralised File Synchronisation Utility

Conor Quinn; Mark Scanlon; Jason Farina; M-Tahar Kechadi

October 2015 Digital Forensics and Cyber Crime

Contribution Summary

This research contributes to the field of digital forensics by providing a comprehensive analysis of Syncthing, a decentralized file synchronization utility. The authors present a forensic analysis of the Syncthing client, its communication protocols, and its peer discovery methods. They also develop a proof-of-concept tool, the Synchronisation Service Evidence Retrieval Tool (SSERT), for remote evidence recovery from Syncthing. The study highlights the importance of digital forensics procedures in addressing the challenges posed by decentralized services like Syncthing, particularly in the context of cloudless file synchronization services.

Keywords: Syncthing; Digital Forensics; Remote Evidence Recovery; Decentralized File Synchronization; Cloudless Services; Forensic Analysis; Network Communication Protocol; Peer Discovery

Abstract

Commercial and home Internet users are becoming increasingly concerned with data protection and privacy. Questions have been raised regarding the privacy afforded by popular cloud-based file synchronisation services such as Dropbox, OneDrive and Google Drive. A number of these services have recently been reported as sharing information with governmental security agencies without the need for warrants to be granted. As a result, many users are opting for decentralised (cloudless) file synchronisation alternatives to the aforementioned cloud solutions. This paper outlines the forensic analysis and applies remote evidence recovery techniques for one such decentralised service, Syncthing.

BibTeX

@Inbook{quinn2015syncthingforensics,
	author={Quinn, Conor and Scanlon, Mark and Farina, Jason and Kechadi, M-Tahar},
	title="{Forensic Analysis and Remote Evidence Recovery from Syncthing: An Open Source Decentralised File Synchronisation Utility}",
	booktitle="Digital Forensics and Cyber Crime",
	month=10,
	year=2015,
	volume="157",
	number="1",
	series={Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering},
	editor={James, Joshua I. and Breitinger, Frank},
	doi="10.1007/978-3-319-25512-5_7",
	url="http://dx.doi.org/10.1007/978-3-319-25512-5_7",
	publisher="Springer International Publishing",
	keywords="Syncthing; Digital forensics; Remote forensics; Network analysis; Evidence recovery",
	pages="85-99",
	isbn="978-3-319-25511-8",
	abstract="Commercial and home Internet users are becoming increasingly concerned with data protection and privacy. Questions have been raised regarding the privacy afforded by popular cloud-based file synchronisation services such as Dropbox, OneDrive and Google Drive. A number of these services have recently been reported as sharing information with governmental security agencies without the need for warrants to be granted. As a result, many users are opting for decentralised (cloudless) file synchronisation alternatives to the aforementioned cloud solutions. This paper outlines the forensic analysis and applies remote evidence recovery techniques for one such decentralised service, Syncthing."
}