Network investigation methodology for BitTorrent Sync: A Peer-to-Peer based file synchronisation service

Scanlon, Mark; Farina, Jason; Kechadi, Tahar

doi:10.1016/j.cose.2015.05.003

Cited by 20 publications

(5 citation statements)

References 8 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Functionality such as this can greatly help towards the elimination of duplicated efforts in the analysis of content. • Using the proposed deduplication system can also greatly expedite the acquisition of digital evidence from hashbased file-synchronisation services, such as BitTorrent Sync or Syncthing [10,6]. Given that these tools rely on frequent hashing to determine when a synchronisation is required, those same hashes can be used for artefact acquisition and elimination purposes.…”

Section: A Future Workmentioning

confidence: 99%

Towards the Leveraging of Data Deduplication to Break the Disk Acquisition Speed Limit

Wolahan¹,

Lorenzo²,

Bou‐Harb

et al. 2016

2016 8th IFIP International Conference on New Technologies, Mobility and Security (NTMS)

Self Cite

View full text Add to dashboard Cite

Digital forensic evidence acquisition speed is traditionally limited by two main factors: the read speed of the storage device being investigated, i.e., the read speed of the disk, memory, remote storage, mobile device, etc.), and the write speed of the system used for storing the acquired data. Digital forensic investigators can somewhat mitigate the latter issue through the use of high-speed storage options, such as networked RAID storage, in the controlled environment of the forensic laboratory. However, traditionally, little can be done to improve the acquisition speed past its physical read speed from the target device itself. The protracted time taken for data acquisition wastes digital forensic experts' time, contributes to digital forensic investigation backlogs worldwide, and delays pertinent information from potentially influencing the direction of an investigation. In a remote acquisition scenario, a third contributing factor can also become a detriment to the overall acquisition time -typically the Internet upload speed of the acquisition system. This paper explores an alternative to the traditional evidence acquisition model through the leveraging of a forensic data deduplication system. The advantages that a deduplicated approach can provide over the current digital forensic evidence acquisition process are outlined and some preliminary results of a prototype implementation are discussed.

show abstract

Section: A Future Workmentioning

confidence: 99%

Towards the Leveraging of Data Deduplication to Break the Disk Acquisition Speed Limit

Wolahan¹,

Lorenzo²,

Bou‐Harb

et al. 2016

2016 8th IFIP International Conference on New Technologies, Mobility and Security (NTMS)

Self Cite

View full text Add to dashboard Cite

show abstract

“…The third party systems, particularly the cloud computing, though have the benefits of scalability, security, cost reduction, portability, higher flexibility, and availability, are faced with serious security issues (Bachlechner et al, 2014;Karadsheh, 2012). Concerns were raised over unauthorised access to third party cloud based systems, causing large scale exposure of organizational private data (Scanlon, Farina, & Kechadi, 2015). Thus, the need for due diligence in the selection of a trusted cloud service provider (Tang & Liu, 2015) and the establishment of appropriate security policies, service level agreement and compliance for enhancing cloud security (Karadsheh, 2012).…”

Section: Security In Third-party Systemsmentioning

confidence: 99%

Investigation into the State-of-Practice of Operations Security Management Based on ISO/IEC 27002

Yaokumah

2016

International Journal of Technology Diffusion

View full text Add to dashboard Cite

This study assessed information security management in organizations through a questionnaire based on the ISO/IEC 27002, with special focus on operations security. A survey with cross-sectional research design was conducted and data collected from 223 participants from 56 organizations. Overall, the level of operations security maturity was 61.2%, which is the maturity Level 3 (well-defined). This level suggested that operations security controls and processes were documented, approved, and implemented organization-wide. Backups and malware protection were the most implemented security controls, while logging, auditing and monitoring were the least implemented controls. Assessment of inter-organizational operations security found significant differences among the organizations. Financial and Health Care Institutions outperform Educational Institutions and Government Public Service. The study provided insight into maturity levels of operations security controls and the results useful for benchmarking inter-organizational performance, competitiveness and improvement in information security.

show abstract

“…The investigation of intercepted/wiretapped data can be classified into two objects, voice and network data [1]. This paper will focus on in-tercepted network data, which is a necessary source of evidence for a range of crimes, e.g., child abuse material distribution [4], cloud hosted services [1], industrial espionage [5], dead drops [5,6], malicious software distribution [6], instant messaging [7], piracy [8], illegal content distribution [6], etc. A problem arises for non-technical detectives as it is very difficult to interpret the network data.…”

Section: Introductionmentioning

confidence: 99%

Enabling Non-Expert Analysis OF Large Volumes OF Intercepted Network Traffic

Wiel¹,

Scanlon

Le-Khac

2018

Advances in Digital Forensics XIV

Self Cite

View full text Add to dashboard Cite

In criminal investigations, telecommunication wiretaps have become a common technique used by law enforcement. While phone-based wiretapping is well documented and the procedure for their execution are well known, the same cannot be said for Internet taps. Lawfully intercepted network traffic often contains a lot of encrypted traffic making it increasingly difficult to find useful information inside the traffic captured. The advent of Internet-of-Things further complicates the process for non-technical investigators. The current level of complexity of intercepted network traffic is close to a point where data cannot be analysed without supervision of a digital investigator with advanced network knowledge. Current investigations focus on analysing all traffic in a chronological manner and are predominately conducted on the data contents of the intercepted traffic. This approach often becomes overly arduous when the amount of data to be analysed becomes very large. In this paper, we propose a novel approach to analyse large amounts of intercepted network traffic based on network metadata. Our approach significantly reduces the duration of the analysis and also produces an insight view of analysing results for the non-technical investigator. We also test our approach with a large sample of network traffic data.

show abstract

Network investigation methodology for BitTorrent Sync: A Peer-to-Peer based file synchronisation service

Cited by 20 publications

References 8 publications

Towards the Leveraging of Data Deduplication to Break the Disk Acquisition Speed Limit

Towards the Leveraging of Data Deduplication to Break the Disk Acquisition Speed Limit

Investigation into the State-of-Practice of Operations Security Management Based on ISO/IEC 27002

Enabling Non-Expert Analysis OF Large Volumes OF Intercepted Network Traffic

Contact Info

Product

Resources

About