
P2P Investigation

Learn about P2P investigation, including the overview of P2P, direct vs hearsay evidence, investigation steps, and analysis of the Gnutella protocol.





Presentation Transcript


  1. P2P Investigation Pedro Gallegos

  2. Topics • Overview of P2P • Direct vs Hearsay • Investigation Steps • Analysis of the Gnutella Protocol • RoundUp

  3. Overview of P2P • P2P stands for Peer-to-Peer • A way to distribute files • Gnutella • Supports queries • Peers inform each other of files • BitTorrent • Uses torrent files • Trackers inform the client of peers

  4. Direct vs Hearsay • Direct • When an investigator has a direct connection, that is, a TCP connection to a process on a remote computer, and receives information about that specific computer, that information is direct • Hearsay • When a process on one remote machine relays information for or about another, different machine, that information is hearsay

  5. Investigation Steps • Determine Files of Interest (FOIs) • Use P2P to find candidates • Narrow down the candidates • Attempt to verify possession or distribution

  6. Investigation Steps Cont. • A subpoena to the ISP is obtained • On the basis of the evidence, obtain a search warrant • Perform the search

  7. Analysis of the Gnutella Protocol: Overview • Before a warrant is obtained, it is important to gather only data that is in the public domain, obtained through: • Queries • Swarming information • Browsing a host • File download
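The following is an added example, not code from the slides or from the RoundUp project, tying slide 4's direct-vs-hearsay rule to the four Gnutella data sources on slide 7 and to slide 5's "verify possession" step. It models each observation by the peer the investigator's own TCP connection terminated on and the peer the information is about: a query hit routed back through an ultrapeer, or an alternate-location (swarming) entry naming a third peer, is hearsay; a browse-host listing or a download obtained from the peer itself is direct. Files are identified by Gnutella's urn:sha1 form (base32 of the SHA-1 digest), and a download only counts as verified possession when the bytes actually received hash to the File of Interest. The peer addresses, file contents and observation records are constructed for the example.

```python
# Added example (not from the slides or the RoundUp paper): label Gnutella
# observations as direct or hearsay evidence and verify downloads against FOIs.
import base64
import hashlib
from collections import defaultdict
from dataclasses import dataclass


def sha1_urn(data: bytes) -> str:
    """Gnutella names a file by urn:sha1:<base32 SHA-1>, as carried in query hits."""
    digest = hashlib.sha1(data).digest()
    return "urn:sha1:" + base64.b32encode(digest).decode("ascii")


@dataclass(frozen=True)
class Observation:
    method: str        # query_hit | alt_loc | browse_host | download (slide 7's sources)
    connected_to: str  # remote endpoint of the investigator's own TCP connection
    subject: str       # the peer the information is about
    urn: str           # file the observation concerns


def classify(obs: Observation) -> str:
    """Slide 4's rule: information is direct only when the TCP connection
    terminates on the machine it describes; anything relayed is hearsay."""
    return "direct" if obs.connected_to == obs.subject else "hearsay"


def verify_download(data: bytes, foi_urn: str) -> bool:
    """Possession is verified only if the received bytes hash to the FOI's URN."""
    return sha1_urn(data) == foi_urn


def summarize(observations, fois, downloads):
    """Per peer: FOIs supported by direct vs hearsay evidence, and verified downloads.
    `downloads` maps (peer, urn) -> bytes received over a direct connection to peer."""
    report = defaultdict(lambda: {"direct": set(), "hearsay": set(), "verified": set()})
    for obs in observations:
        if obs.urn not in fois:
            continue  # not a file of interest: do not retain
        report[obs.subject][classify(obs)].add(obs.urn)
    for (peer, urn), data in downloads.items():
        if urn in fois and verify_download(data, urn):
            report[peer]["verified"].add(urn)
    return dict(report)


# Constructed sample: two FOIs, an ultrapeer relaying hits, and one direct download.
FOI_A = sha1_urn(b"constructed file of interest A")
FOI_B = sha1_urn(b"constructed file of interest B")
FOIS = {FOI_A, FOI_B}
ULTRAPEER, LEAF, OTHER = "198.51.100.7:6346", "203.0.113.9:6346", "192.0.2.44:6346"

SAMPLE_OBS = [
    # Query hit for FOI_A routed back via the ultrapeer: claims LEAF has it (relayed)
    Observation("query_hit", ULTRAPEER, LEAF, FOI_A),
    # Browse host: investigator connected to LEAF itself and listed its shared files
    Observation("browse_host", LEAF, LEAF, FOI_A),
    Observation("browse_host", LEAF, LEAF, FOI_B),
    # Swarming info from LEAF names OTHER as another source of FOI_B (hearsay about OTHER)
    Observation("alt_loc", LEAF, OTHER, FOI_B),
    # Query hit for a file that is not an FOI: ignored by summarize()
    Observation("query_hit", ULTRAPEER, OTHER, sha1_urn(b"unrelated content")),
]
SAMPLE_DOWNLOADS = {
    (LEAF, FOI_A): b"constructed file of interest A",  # hashes to FOI_A: verified
    (LEAF, FOI_B): b"truncated or different content",   # does not verify
}


def sample_report():
    return summarize(SAMPLE_OBS, FOIS, SAMPLE_DOWNLOADS)


if __name__ == "__main__":
    for peer, evidence in sample_report().items():
        print(peer, {kind: sorted(urns) for kind, urns in evidence.items()})
```

In the sample, LEAF ends up with direct evidence for both FOIs (browse host) but verified possession only of FOI_A, since the FOI_B download did not hash correctly; the query hit for FOI_A is retained only as hearsay, and OTHER is known solely through LEAF's alternate-location claim, which is the kind of relayed information slide 4 says should not be treated as direct.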

  8. RoundUp • RoundUp is a tool for forensically valid investigations of the Gnutella network

  9. Questions?

  10. Sources: • Forensic Investigation of Peer-to-Peer File Sharing Networks. Robert Erdely, Thomas Kerle, Brian Levine, Marc Liberatore and Clay Shields. http://www.dfrws.org/2010/proceedings/2010-311.pdf
