Article

Leveraging Decentralisation to Extend the Digital Evidence Acquisition Window: Case Study on BitTorrent Sync

Mark Scanlon; Jason Farina; Nhien-An Le Khac; M-Tahar Kechadi

September 2014 Journal of Digital Forensics, Security and Law: Proc. of Sixth International Conference on Digital Forensics & Cyber Crime (ICDF2C 2014)

Contribution Summary

This paper addresses the challenge of remote digital evidence retrieval from decentralized file synchronization services, focusing on BitTorrent Sync. The authors present a methodology for the identification, investigation, recovery, and verification of remote digital evidence, including a proof-of-concept implementation. The paper discusses the challenges and opportunities of remote digital evidence retrieval in the context of mobile devices and cloud-based services, highlighting the need for a solution to this problem. The authors' contribution is a methodology for the forensically sound remote recovery and verification of digital evidence from decentralized file synchronization services, enabling forensic investigators to overcome counter-forensic techniques employed by cybercriminals.

Keywords: digital evidence; remote evidence recovery; BitTorrent Sync; decentralized file synchronization; mobile device forensics; cloud-based services; digital forensics; cybercrime

Abstract

File synchronization services such as Dropbox, Google Drive, Microsoft OneDrive, Apple iCloud, etc., are becoming increasingly popular in today's always-connected world. A popular alternative to the aforementioned services is BitTorrent Sync. This is a decentralized/cloudless file synchronization service and is gaining significant popularity among Internet users with privacy concerns over where their data is stored and who has the ability to access it. The focus of this paper is the remote recovery of digital evidence pertaining to files identified as being accessed or stored on a suspect's computer or mobile device. A methodology for the identification, investigation, recovery and verification of such remote digital evidence is outlined. Finally, a proof-of-concept remote evidence recovery from a BitTorrent Sync shared folder is presented, highlighting a number of potential scenarios for the recovery and verification of such evidence.

BibTeX

@article{scanlon2014leveraging,
	author={Scanlon, Mark and Farina, Jason and Le Khac, Nhien-An and Kechadi, M-Tahar},
	title="{Leveraging Decentralisation to Extend the Digital Evidence Acquisition Window: Case Study on BitTorrent Sync}",
	journal="{Journal of Digital Forensics, Security and Law: Proc. of Sixth International Conference on Digital Forensics \& Cyber Crime (ICDF2C 2014)}",
	year=2014,
	month=09,
	pages="85-99",
	address={New Haven, CT, USA},
	publisher={ADFSL},
	doi="https://doi.org/10.15394/jdfsl.2014.1173",
	abstract="File synchronization services such as Dropbox, Google Drive, Microsoft OneDrive, Apple iCloud, etc., are becoming increasingly popular in today's always-connected world. A popular alternative to the aforementioned services is BitTorrent Sync. This is a decentralized/cloudless file synchronization service and is gaining significant popularity among Internet users with privacy concerns over where their data is stored and who has the ability to access it. The focus of this paper is the remote recovery of digital evidence pertaining to files identified as being accessed or stored on a suspect's computer or mobile device. A methodology for the identification, investigation, recovery and verification of such remote digital evidence is outlined. Finally, a proof-of-concept remote evidence recovery from a BitTorrent Sync shared folder is presented, highlighting a number of potential scenarios for the recovery and verification of such evidence."
}