The effectiveness of commercial erasure programs on BitTorrent activity
School of Computer and Information Science, Edith Cowan University
Faculty of Computing, Health and Science
School of Computer and Information Science / Centre for Security Research
Recent developments have seen the closure of P2P sites such as Kazaa and Napster due to legal action, and a subsequent rise in the use of alternative file-sharing software, namely BitTorrent. This research in progress aims to evaluate the effectiveness of commercial programs to erase traces of the use of such software. The erasure programs Privacy Suite, Window Washer and R-Clean and Wipe were used on a machine that had used the BitTorrent client Azureus to download two torrent files. The drive was imaged and examined forensically with Autopsy, and the registry was also examined on the source machine. The program R-Clean and Wipe left evidence in both the registry and the image of the name and type of files that had been downloaded with this software. Of greater concern was that the software Window Washer and Privacy Suite claimed to erase evidence of P2P activity, but it did not remove evidence of torrent activity. Current erasure tools do not appear to be effective at removing traces of BitTorrent activity.