Leveraging Decentralization to Extend the Digital Evidence Acquisition Window: Case Study on Bittorrent Sync

• Main Authors: Mark Scanlon, Jason Farina, Nhien An Le Khac, Tahar Kechadi
• Format: Article
• Language: English
• Published: Association of Digital Forensics, Security and Law 2014-09-01
• Series: Journal of Digital Forensics, Security and Law
• Subjects: digital evidence; remote evidence recovery; BitTorrent sync; mobile device forensics
• Online Access: http://ojs.jdfsl.org/index.php/jdfsl/article/view/266
• ISSN: 1558-7215; 1558-7223

<span style="color: #000000;">File synchronization services such as </span><span style="color: #000000;">Dropbox</span><span style="color: #000000;">, Google Drive, Microsoft </span><span style="color: #000000;">OneDrive</span><span style="color: #000000;">, Apple </span><span style="color: #000000;">iCloud</span><span style="color: #000000;">, etc., are becoming increasingly popular in today's always-connected world. A popular alternative to the aforementioned services is </span><span style="color: #000000;">BitTorrent</span><span style="color: #000000;"> Sync. This is a decentralized/cloudless file synchronization service and is gaining significant popularity among Internet users with privacy concerns over where their data is stored and who has the ability to access it. The focus of this paper is the remote recovery of digital evidence pertaining to files identified as being accessed or stored on a suspect's computer or mobile device. A methodology for the identification, investigation, recovery and verification of such remote digital evidence is outlined. Finally, a proof-of-concept remote evidence recovery from </span><span style="color: #000000;">BitTorrent</span><span style="color: #000000;"> Sync shared folder highlighting a number of potential scenarios for the recovery and verification of such evidence.</span>