Do Current BitTorrent Clients Running on Windows 7 Beta Leave Behind Meaningful Data?
Document Type
Conference Proceeding
Faculty
Faculty of Computing, Health and Science
School
School of Computer and Security Science / Centre for Security Research
RAS ID
9158
Abstract
The use of BitTorrent technology to exchange illegal files over the internet is of concern, especially given the large volume of data exchanged. Law enforcement need solid evidence, as well as investigative intelligence if they are to reduce this trade in illegal material. This paper builds on previous work in this area and used Windows 7 as a base to examine four of the most popular BitTorrent clients to determine what information they write to a hard drive that is of use to a forensic investigator. The analysis was limited to that which could be determined using topical analysis, and examined the registry and other user areas within Windows, such as the local data area. The clients examined were BitComet, BitTornado, Vuze, and µTorrent. It was found that all clients produced forensic data which could be located with a topical search. It was also found that all clients provided the same data as a function of their operation. This data could be used by a forensic investigator to locate information about a downloaded file where the file had been erased, or stored in a remote location.
Comments
Woodward, A. (2009, July). Do Current BitTorrent Clients running on Windows 7 beta leave behind meaningful data?. In Security and Management (pp. 622-617).