Information Security and Computer Fraud
ISSN (Print): 2376-9602 ISSN (Online): 2376-9629 Website: https://www.sciepub.com/journal/iscf Editor-in-chief: Sergii Kavun
Information Security and Computer Fraud. 2015, 3(2), 25-31
DOI: 10.12691/iscf-3-2-1

Investigation of Artefacts Left by BitTorrent Client in Windows 8 Registry

Algimantas Venčkauskas1, Robertas Damaševičius1, Nerijus Jusas1, Vacius Jusas1, Stasys Maciulevičius1, Romas Marcinkevičius1, Kęstutis Paulikas1 and Jevgenijus Toldinas1

1Computer Department, Kaunas University of Technology, Kaunas, Lithuania

Pub. Date: September 16, 2015

Cite this paper:
Algimantas Venčkauskas, Robertas Damaševičius, Nerijus Jusas, Vacius Jusas, Stasys Maciulevičius, Romas Marcinkevičius, Kęstutis Paulikas and Jevgenijus Toldinas. Investigation of Artefacts Left by BitTorrent Client in Windows 8 Registry. Information Security and Computer Fraud. 2015; 3(2):25-31. doi: 10.12691/iscf-3-2-1

Abstract

The BitTorrent client application is a popular tool for downloading large files from the Internet, but it is quite frequently used for illegal purposes, which are one of the types of cybercrime. In order to fight this type of cybercrime, we carried out research in which we investigated the evidence left by the BitTorrent client application in the registry under the Windows 8 operating system. The experiment was carried out in three steps: installation, download, and uninstallation. Snapshots of the registry were taken and compared before and after each step. Changes in the Windows registry were collected and combined into tables. The experiment revealed that the BitTorrent client application creates Windows registry artefacts that can contain information which might be used as evidence during an investigation. The evidence remains in the registry even after the removal of the application, although it can prove only the fact that the application was used. Investigation of the file system can reveal the purpose and the contents of the BitTorrent client session.

Keywords:
BitTorrent protocol, forensics investigation, forensic evidence, registry

This work is licensed under a Creative Commons Attribution 4.0 International License. To view a copy of this license, visit http://creativecommons.org/licenses/by/4.0/
