Since its creation back in 2001, BitTorrent has become the peer-to-peer protocol of choice for anyone wanting to download large files, such as films or music.
It is an ingenious system that splits the work by turning all participating computers into potential servers as well as clients, and stores portions of each file on multiple servers.
That makes for a very efficient system that shares the load between computers. But it also makes activity hard to keep track of if, for example, you worry that your content has been pirated. And for anyone seeking forensic evidence to combat illicit downloading, BitTorrent creates a web that makes it very hard to see who is the pirate and who is merely a relatively innocent bystander.
The problem and some solutions are outlined in an article, Forensic Studies in BitTorrent, by Jamie Acorn, published on SearchSecurity.co.uk as part of our series highlighting the work of recent MSc students at Royal Holloway University of London (RHUL).
Acorn says he first began thinking about the problem while working in electronic data recovery and analysis in 2005. "I had seen that the use of BitTorrent had escalated immensely in a short timescale," he says. "The BitTorrent protocol was designed to share large data files quickly. The clients developed for creating and downloading torrent files were very user-friendly, thus making it easier for people to distribute data illegally."
While the forensic world had developed scripts to help investigators tackle file sharing sites such as Kazaa and Limewire, Acorn was surprised to see little research had been done on BitTorrent, even though it was clearly becoming immensely popular. "I knew it would only be a matter of time before criminal cases would be requiring forensic investigations of BitTorrent activity of individuals, so I decided that it would be an interesting project to get my teeth into for my Masters thesis," he says.
The article explains how BitTorrent works and details Acorn's own research on various BitTorrent applications, showing the difficulties involved when trying to build a forensic trail of events.
Jamie Acorn's article also provides a link through to the full thesis.