forensic investigation of peer to peer file sharing
play

Forensic Investigation of Peer-to-Peer File Sharing Networks Marc - PowerPoint PPT Presentation

Nov 22, 2022 •370 likes •575 views

Motivation P2P Overview Investigations and Legal Issues Results and Tool Forensic Investigation of Peer-to-Peer File Sharing Networks Marc Liberatore 1 Robert Erdely 2 Thomas Kerle 3 Brian Neil Levine 1 Clay Shields 4 1 University of

  1. Motivation P2P Overview Investigations and Legal Issues Results and Tool Forensic Investigation of Peer-to-Peer File Sharing Networks Marc Liberatore 1 Robert Erdely 2 Thomas Kerle 3 Brian Neil Levine 1 Clay Shields 4 1 University of Massachusetts Amherst 2 Pennsylvania State Police 3 Massachusetts State Police 4 Georgetown University Digital Forensics Research Conference (DFRWS 2010) Liberatore, Erdely, Kerle, Levine, Shields Forensic Investigation of Peer-to-Peer File Sharing Networks

  2. Motivation P2P Overview Investigations and Legal Issues Results and Tool Take-Home Messages The most active venue for trafficking of child pornography is p2p networks, and it is a serious concern of law enforcement. If done correctly, P2P protocols provide enough information to successfully investigate criminal acts. We built an investigator-friendly p2p client, RoundUp, wrote training materials, and have trained nearly 1,000 investigators. RoundUp reports to a central DB, which allows investigators to pool results. At least 3,000 investigations are ongoing, with hundreds of arrests. Liberatore, Erdely, Kerle, Levine, Shields Forensic Investigation of Peer-to-Peer File Sharing Networks

  3. Motivation P2P Overview Investigations and Legal Issues Results and Tool Outline Motivation 1 P2P Overview 2 Investigations and Legal Issues 3 Results and Tool 4 Liberatore, Erdely, Kerle, Levine, Shields Forensic Investigation of Peer-to-Peer File Sharing Networks

  4. Motivation P2P Overview Investigations and Legal Issues Results and Tool Motivation 2001: 1,713 arrests for child pornography possession in US 2006: 3,672 arrests June 2010: 61,169 p2p users observed sharing child pornography Past studies [Wolak, et al.] have found: 21% of possessors had images of extreme violence 28% had images of children under three 16% of investigations ended with discovery of a contact offender Liberatore, Erdely, Kerle, Levine, Shields Forensic Investigation of Peer-to-Peer File Sharing Networks

  5. Motivation P2P Overview Investigations and Legal Issues Results and Tool Gnutella Overview Gnutella is a decentralized protocol for file search and sharing. Liberatore, Erdely, Kerle, Levine, Shields Forensic Investigation of Peer-to-Peer File Sharing Networks

  6. Motivation P2P Overview Investigations and Legal Issues Results and Tool Gnutella Searching Queries are broadcast; searches are routed. Liberatore, Erdely, Kerle, Levine, Shields Forensic Investigation of Peer-to-Peer File Sharing Networks

  7. Motivation P2P Overview Investigations and Legal Issues Results and Tool Gnutella Downloading Downloads are direct TCP connections between peers. Liberatore, Erdely, Kerle, Levine, Shields Forensic Investigation of Peer-to-Peer File Sharing Networks

  8. Motivation P2P Overview Investigations and Legal Issues Results and Tool Finding Candidates Goal Find evidence of a crime through observations on the Internet. Evidence: may be direct or hearsay includes files of interest, hash values, filenames is ultimately associated with a user (IP address? GUID?) Use the p2p system to find candidates for further investigation. Liberatore, Erdely, Kerle, Levine, Shields Forensic Investigation of Peer-to-Peer File Sharing Networks

  9. Motivation P2P Overview Investigations and Legal Issues Results and Tool Evidence A candidate is chosen for further investigation, by jurisdiction, type/quantity of files, observed history. The investigator directly connects to: determine all files shared by a peer find other corroborating evidence (IP, GUID, vendor id) perform a single-source download Liberatore, Erdely, Kerle, Levine, Shields Forensic Investigation of Peer-to-Peer File Sharing Networks

  10. Motivation P2P Overview Investigations and Legal Issues Results and Tool Subpoena and Search Warrant Network investigation done; shoe-leather work remains: Subpoena ISP for DHCP records / billing information Search warrant for premises — written broadly Once on site, examine media and seize if appropriate. Liberatore, Erdely, Kerle, Levine, Shields Forensic Investigation of Peer-to-Peer File Sharing Networks

  11. Motivation P2P Overview Investigations and Legal Issues Results and Tool Legal / Technical Issues Main Concern Law enforcement investigators must not break the law! Aside from liability, US has a “Fruit of the Poisonous Tree” doctrine. Other issues: 4th Amendment Kyllo v US Encryption “No uploads” interacts poorly with tit-for-tat Liberatore, Erdely, Kerle, Levine, Shields Forensic Investigation of Peer-to-Peer File Sharing Networks

  12. Motivation P2P Overview Investigations and Legal Issues Results and Tool Results Observed Candidates Month Global Records US Records US IPs US GUIDs 2010 Jan 24,391,816 7,584,534 127,440 65,890 Feb 20,132,466 6,254,073 127,161 68,572 Mar 29,716,269 9,353,050 127,035 55,481 Apr 27,231,255 8,444,572 107,880 45,620 May 29,626,273 8,957,398 117,194 47,822 Jun 21,630,795 9,834,193 136,481 61,169 Liberatore, Erdely, Kerle, Levine, Shields Forensic Investigation of Peer-to-Peer File Sharing Networks

  13. Motivation P2P Overview Investigations and Legal Issues Results and Tool Results Investigators and Results in the US Date Investigators Task Forces Cases Searches Arrests 2009 Oct 102 < 20 748 242 15 Nov 429 28 875 316 57 Dec 472 48 1,096 367 93 2010 Jan 502 51 1,291 471 144 Feb 587 52 1,606 558 193 Mar 665 52 1,862 682 233 Apr 712 52 2,065 791 282 May 915 56 2,395 905 349 Jun 974 58 2,762 995 406 Liberatore, Erdely, Kerle, Levine, Shields Forensic Investigation of Peer-to-Peer File Sharing Networks

  14. Motivation P2P Overview Investigations and Legal Issues Results and Tool IPs per GUID Liberatore, Erdely, Kerle, Levine, Shields Forensic Investigation of Peer-to-Peer File Sharing Networks

  15. Motivation P2P Overview Investigations and Legal Issues Results and Tool GUIDs per IP Liberatore, Erdely, Kerle, Levine, Shields Forensic Investigation of Peer-to-Peer File Sharing Networks

  16. Motivation P2P Overview Investigations and Legal Issues Results and Tool Lessons Learned Things that are straighforward to computer scientists are surprising to police (push proxies), and vice versa (use of search warrants). Finding knowledgable partners was key to our success. Luck favors the prepared. Usability is key for rapid technology transfer. Liberatore, Erdely, Kerle, Levine, Shields Forensic Investigation of Peer-to-Peer File Sharing Networks

  17. Motivation P2P Overview Investigations and Legal Issues Results and Tool Breaking News Yesterday, DOJ released the first “ National Strategy to Combat Child Exploitation, Prevention and Interdiction” at http://www. projectsafechildhood.gov/docs/natstrategyreport.pdf . RoundUp is mentioned prominently as a tool used to identify and investigate CP traffickers. Liberatore, Erdely, Kerle, Levine, Shields Forensic Investigation of Peer-to-Peer File Sharing Networks

  18. Motivation P2P Overview Investigations and Legal Issues Results and Tool Summary Successful p2p investigation requires knowledge of the law and of p2p protocols. RoundUp’s success is due to academics: wringing maximum evidentiary value from the protocol. RoundUp’s success is due to LE personnel: willing to guide tool development and to function as ambassadors. Liberatore, Erdely, Kerle, Levine, Shields Forensic Investigation of Peer-to-Peer File Sharing Networks

  19. Motivation P2P Overview Investigations and Legal Issues Results and Tool Acknowledgments This work was supported in part by National Institute of Justice Award 2008-CE-CX-K005 and in part by the National Science Foundation awards CNS-0905349 and DUE-0830876. The opinions, findings, and conclusions or recommendations expressed in this publication are those of the authors and do not necessarily reflect those of their employers, the U.S. Department of Justice, or the National Science Foundation. Liberatore, Erdely, Kerle, Levine, Shields Forensic Investigation of Peer-to-Peer File Sharing Networks

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Understanding Peer-to-Peer Networking and File- Sharing Introduction Although the recent

Understanding Peer-to-Peer Networking and File- Sharing Introduction Although the recent

Content copied from: http://www.limewire.com/about/p2p.php Understanding Peer-to-Peer Networking and File- Sharing Introduction Although the recent growth of user-friendly file-sharing networks has only now brought Peer-to-Peer (P2P)

144 views • 3 slides
Modeling Peer-Peer File Sharing Systems Zihui Ge, Daniel R. Figueiredo, Sharad Jaiswal, Jim

Modeling Peer-Peer File Sharing Systems Zihui Ge, Daniel R. Figueiredo, Sharad Jaiswal, Jim

Modeling Peer-Peer File Sharing Systems Zihui Ge, Daniel R. Figueiredo, Sharad Jaiswal, Jim Kurose, Don Towsley INFOCOM 2003 Outline P2P file sharing architectures Napster (centralized) Gnutella (flooding) Chord (routing)

488 views • 20 slides
A Modeling Framework to Understand the Tussle between ISPs and Peer-to-Peer File Sharing Users

A Modeling Framework to Understand the Tussle between ISPs and Peer-to-Peer File Sharing Users

A Modeling Framework to Understand the Tussle between ISPs and Peer-to-Peer File Sharing Users Michele Garetto Univ. of T orino Daniel Figueiredo Fed. Univ. of Rio de Janeiro Rossano Gaeta Univ. of T orino Matteo Sereno

450 views • 32 slides
The Road Ahead p2p file sharing techniques Downloading: Whole-file vs. chunks

The Road Ahead p2p file sharing techniques Downloading: Whole-file vs. chunks

CS 640: Introduction to Computer Networks Aditya Akella Lecture 24 - Peer-to-Peer The Road Ahead p2p file sharing techniques Downloading: Whole-file vs. chunks Searching Centralized index (Napster, etc.) Flooding

288 views • 10 slides
Peer-to-Peer bots Investigation using Distributed Honeypots Karun Dambiec u4462988 Australian

Peer-to-Peer bots Investigation using Distributed Honeypots Karun Dambiec u4462988 Australian

Overview Peer-to-Peer Bots LeurreCom.org Honeypot Project Goals Timetable References Acknowledgements Peer-to-Peer bots Investigation using Distributed Honeypots Karun Dambiec u4462988 Australian National University COMP8760 Computer

1.17k views • 11 slides
Peer-to-Peer Information Sharing in a Mobile Ad Hoc Environment Anna Hayes University College

Peer-to-Peer Information Sharing in a Mobile Ad Hoc Environment Anna Hayes University College

Peer-to-Peer Information Sharing in a Mobile Ad Hoc Environment Anna Hayes University College Dublin David Wilson University of North Carolina at Charlotte %give summary of the whole work: %contents Weve developed a peer-to-peer system

332 views • 17 slides
Peer-to-Peer Networks 16 P2P in the Wild Christian Schindelhauer Technical Faculty

Peer-to-Peer Networks 16 P2P in the Wild Christian Schindelhauer Technical Faculty

Peer-to-Peer Networks 16 P2P in the Wild Christian Schindelhauer Technical Faculty Computer-Networks and Telematics University of Freiburg Real-World P2P Applications in 2016 File sharing &amp; transmission Bittorrent, eMule,

559 views • 13 slides
Peer-to-Peer Computing Peer-to-Peer (P2P) employ distributed resources to perform function in a

Peer-to-Peer Computing Peer-to-Peer (P2P) employ distributed resources to perform function in a

Introduction Peer-to-Peer Computing Peer-to-Peer (P2P) employ distributed resources to perform function in a decentralized manner Resource can be: computing, storage, bandwidth Function can be: computing, data sharing, D.

625 views • 6 slides
Peer-to-Peer Networks 16 P2P in the Wild Christian Ortolf Technical Faculty Computer-Networks

Peer-to-Peer Networks 16 P2P in the Wild Christian Ortolf Technical Faculty Computer-Networks

Peer-to-Peer Networks 16 P2P in the Wild Christian Ortolf Technical Faculty Computer-Networks and Telematics University of Freiburg Real-World P2P Applications in 2016 File sharing &amp; transmission Bittorrent, eMule, FastTrack,

604 views • 10 slides
Peer-to-Peer Networks 09 Random Graphs for Peer-to-Peer-Networks Christian Ortolf Technical

Peer-to-Peer Networks 09 Random Graphs for Peer-to-Peer-Networks Christian Ortolf Technical

Peer-to-Peer Networks 09 Random Graphs for Peer-to-Peer-Networks Christian Ortolf Technical Faculty Computer-Networks and Telematics University of Freiburg Peer-to-Peer Networking Facts Hostile environment - Legal situation - Egoistic

882 views • 57 slides
Distributed File Systems: An Overview of Peer-to-Peer Architectures Distributed File Systems

Distributed File Systems: An Overview of Peer-to-Peer Architectures Distributed File Systems

Distributed File Systems: An Overview of Peer-to-Peer Architectures Distributed File Systems Data is distributed among many sources Ex. Distributed database systems Frequently utilize a centralized lookup server for addressing

500 views • 15 slides
Comparing Hybrid Peer-to-Peer Hybrid peer-to-peer systems Systems Beverly Yang and Hector

Comparing Hybrid Peer-to-Peer Hybrid peer-to-peer systems Systems Beverly Yang and Hector

Comparing Hybrid Peer-to-Peer Hybrid peer-to-peer systems Systems Beverly Yang and Hector Garcia-Molina Pure peer-to-peer systems are hard to scale Gnutella Look at hybrids between p2p and server-client Presented by Marco Barreno Servers

282 views • 6 slides
Peer to Peer Learning &amp; Support Aims and Objectives of this Workshop Workshop 3: Peer to

Peer to Peer Learning &amp; Support Aims and Objectives of this Workshop Workshop 3: Peer to

Peer to Peer Learning &amp; Support Aims and Objectives of this Workshop Workshop 3: Peer to Peer Learning &amp; Support is designed to encourage peer to peer support, learning and development and sharing best practice amongst the

495 views • 11 slides
THE PEER-TO-PEER NETWORK JOHN NEWBERY @jfnewbery github.com/jnewbery THE PEER-TO-PEER NETWORK

THE PEER-TO-PEER NETWORK JOHN NEWBERY @jfnewbery github.com/jnewbery THE PEER-TO-PEER NETWORK

THE PEER-TO-PEER NETWORK JOHN NEWBERY @jfnewbery github.com/jnewbery THE PEER-TO-PEER NETWORK Introduction Types of nodes Message format Control messages Transaction propagation Block propagation THE PEER TO PEER

767 views • 38 slides
Services January 2019 Overview of Peer Support: Peer Support services provide an opportunity for

Services January 2019 Overview of Peer Support: Peer Support services provide an opportunity for

Family Peer Support Services January 2019 Overview of Peer Support: Peer Support services provide an opportunity for an individual to offer an array of supports to a peer that is based on sharing similar lived experiences, making an emotional

472 views • 14 slides
Inverclyde Peer Support Network Peer Support groups offer; Listening, sharing first hand

Inverclyde Peer Support Network Peer Support groups offer; Listening, sharing first hand

Inverclyde Peer Support Network Peer Support groups offer; Listening, sharing first hand knowledge about living with a disability, assist others in making informed, independent choices, share experience, information and strategies,

152 views • 14 slides
By Londyn Gillespie Grade 4 How Santa Clara de Asis was made or rebuilt Founded on January

By Londyn Gillespie Grade 4 How Santa Clara de Asis was made or rebuilt Founded on January

By Londyn Gillespie Grade 4 How Santa Clara de Asis was made or rebuilt Founded on January 12,1777 by Father Thomas de la Pena Rebuilt 6 times Church roof was tiled with 12000 tiles in 1822 Made of adobe brick, roof tile, wood,

312 views • 7 slides
Drink Manufacturing Andrew Hounslea Contents Basic Noise Control Source Path

Drink Manufacturing Andrew Hounslea Contents Basic Noise Control Source Path

Health and Safety Health and Safety Executive Executive Noise Control in Food and Drink Manufacturing Andrew Hounslea Contents Basic Noise Control Source Path Receiver Basic Noise Control Noise exposure is a combination

442 views • 27 slides
The success story behind the dimples 1 Discover the granini experience best quality and great

The success story behind the dimples 1 Discover the granini experience best quality and great

The success story behind the dimples 1 Discover the granini experience best quality and great taste from Europe, inspiring people all over the world for more than 50 years. Embrace true fruitiness and savour the moment with granini. Made

237 views • 13 slides
Govind Seepersad, Edward Evans, Nkosi Felix, Ardon Iton Significant changes are taking place in

Govind Seepersad, Edward Evans, Nkosi Felix, Ardon Iton Significant changes are taking place in

Consumers attitudes toward consumption of two different types of juice beverages based on country of origin (local vs. imported) Presented at Emerging Local Food Systems in the Caribbean and Southern USA July 6, 2014 Govind Seepersad,

439 views • 29 slides
COVID-19 Tom Youl Senior Industry Analyst Agenda: - Economic Overview - Tourism - Food

COVID-19 Tom Youl Senior Industry Analyst Agenda: - Economic Overview - Tourism - Food

Economic insights: COVID-19 Tom Youl Senior Industry Analyst Agenda: - Economic Overview - Tourism - Food &amp; Beverage (Ag) - International Trade - Thriving Industries Economic in indicators Australi lian GDP gro rowth th 6.0%

427 views • 23 slides
Annual General Meeting Presented by: Jannie Mouton Chairman 21 June 2013 General matters

Annual General Meeting Presented by: Jannie Mouton Chairman 21 June 2013 General matters

Annual General Meeting Presented by: Jannie Mouton Chairman 21 June 2013 General matters To accept the presentation of the audited annual financial statements for the year ended 28 February 2013 Ordinary resolutions To re-elect the

349 views • 31 slides
A complex international context and the 2030 Agenda The Latin American and Caribbean

A complex international context and the 2030 Agenda The Latin American and Caribbean

A complex international context and the 2030 Agenda The Latin American and Caribbean perspective ALICIA BRCENA EXECUTIVE S ECRETAR Y Meeting of Minister of Foreign Affairs of CELAC S anto Domingo, April 2016 Cyclical and structural

580 views • 34 slides
INVEST IN RYAZAN REGION 2020 OVERVIEW Ryazan is a large scientific and production center,

INVEST IN RYAZAN REGION 2020 OVERVIEW Ryazan is a large scientific and production center,

INVEST IN RYAZAN REGION 2020 OVERVIEW Ryazan is a large scientific and production center, situated on the right bank of Oka river. 170 km of Moscow. 39.6 k. km 2 total area of the region ADMINISTRATIVE TERRITORIAL DIVISION Rya Ryaza

441 views • 15 slides

More recommend