Article Title: The Computer Forensic Investigation Of Peer To Peer File Sharing
Author: Andrew Frowen
Category: Security, Information Technology
Keywords: computer forensics, peer to peer, p2p, file sharing, registry, trojan 
horse defence
Article Source: http://www.articlemarketer.com
------------------ ARTICLE START ------------------

As internet connection speeds continue to increase, sharing information via the 
internet has become commonplace. For small files, email is often the most 
practical medium via which to send and receive information, but for those 
wishing to share large files such as audio and video on a mass scale, peer to 
peer (P2P) file sharing has become a popular choice.

Peer to peer networks provide a method of sharing data that does not require a 
central host or server. Instead, the data is shared among whoever is connected 
to the network, which could amount to tens of millions of users in the case of 
popular P2P software such as Kazaa or eMule. Users of such software are able to 
download popular files very quickly because the network allows connection to 
multiple users, each simultaneously uploading a small chunk of the same file 
for the user to download.

When a user installs a piece of P2P software, they typically select a 
'download' directory, where they wish their downloaded files to be saved, and 
an 'upload' directory, where any files they are happy to share should be 
stored. Often, the path chosen for both is the same directory by default, 
meaning that a file can be shared with others as soon as it has been 
downloaded. 

In cases where possession of indecent images of children is suspected, evidence 
of P2P activity can be extremely fruitful. At the beginning of a criminal 
investigation, computer forensic experts are typically called in to analyse the 
suspect's hard drive for evidence that can be used by the prosecution in a 
court of law. 

If P2P software is found to be present on a suspect's computer, there are a 
number of avenues a computer forensic expert can take to find evidence that 
illegal images have been downloaded and/or shared. First, the registry entries 
for the P2P software can be analysed. This can often reveal details such as the 
names and creation dates of files, and such entries may even remain present 
after the P2P software itself has been uninstalled and the files themselves 
deleted. 

In addition, evidence of precisely what users have been searching for may be 
present in the registry. This is because users locate files by searching for 
keywords, and such searches are often logged by the software. This evidence can 
be particularly useful in cases where intent must be proven, for example, where 
the accused utilises the Trojan horse defence to claim the files were 
downloaded without his or her knowledge after infection by malicious software. 
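
The registry review described above can be illustrated with a short script. It is an added example, not the author's or any vendor's tool: it parses a text export of a registry key (.reg format) and pulls out logged search terms and whether the download and upload directories are the same. The client name "ExampleP2P", its key layout, its value names and the sample data are all hypothetical and constructed for illustration.

```python
import re

# Constructed sample: .reg text export for a HYPOTHETICAL client.
# "ExampleP2P", its key layout and value names are placeholders, not a real product.
ROOT = r'HKEY_CURRENT_USER\Software\ExampleP2P'
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\ExampleP2P]
"DownloadDir"="C:\\Users\\alice\\Shared"
"UploadDir"="C:\\Users\\alice\\Shared"

[HKEY_CURRENT_USER\Software\ExampleP2P\SearchHistory]
"0"="holiday video 2007"
"1"="free \"album\" mp3"
"Count"=dword:00000002
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')

def unescape(s):
    # .reg exports escape backslashes and double quotes inside strings
    return re.sub(r'\\(.)', r'\1', s)

def parse_reg_export(text):
    """Return {key_path: {value_name: value}} for string and dword values."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            current = keys.setdefault(m.group(1), {})
            continue
        m = VALUE_RE.match(line)
        if not m or current is None:
            continue  # header, blank line, or a value type not handled here
        name, raw = unescape(m.group(1)), m.group(2)
        if raw.startswith('"') and raw.endswith('"'):
            current[name] = unescape(raw[1:-1])
        elif raw.startswith('dword:'):
            current[name] = int(raw[6:], 16)
    return keys

def report(text, root=ROOT):
    """Summarise logged search terms and whether downloads are shared at once."""
    keys = parse_reg_export(text)
    cfg, history = keys.get(root, {}), keys.get(root + r'\SearchHistory', {})
    terms = [history[n] for n in sorted((n for n in history if n.isdigit()), key=int)]
    same = 'DownloadDir' in cfg and cfg['DownloadDir'] == cfg.get('UploadDir')
    return {'search_terms': terms, 'downloads_auto_shared': same}
```
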

Criminal investigators may also be able to recover information from the 
suspect's Internet Service Provider (ISP), which in many cases will hold 
detailed information about the nature of files shared over its network. 
However, because P2P sharing is now widely employed in the illegal downloading 
of music and films, there is great demand for software which masks this 
activity from ISPs. For this reason, this information is not always available, 
making the recovery of computer-based evidence all the more vital. 

With over 15 P2P programs currently in common usage, the main challenge to 
computer forensic experts investigating their use is keeping up with the 
fast-paced development of the technology, but with the financial support of large 
music labels and film studios behind the effort to crack down on P2P file 
sharing, it seems unlikely that it will ever be a war that criminals will win.

IntaForensics is a BS EN ISO 9001:2000 registered firm providing Computer 
Forensics, Expert Witness, Mobile Phone Forensics, and Forensic Data Recovery 
to the Legal Sector, Police Forces, Local Authorities and Commercial 
organisations internationally. Visit http://www.intaforensics.com.
------------------ ARTICLE END ------------------


