Peer-to-peer (P2P) file sharing networks are often abused to distribute content that is prohibited by law. Strong evidence of suspicion must be provided to obtain a court order to identify the location of an offender. However, initial evidence collection from a P2P network is a challenge due to the lack of a central point of control and the dynamic nature of the network. This paper describes an initial evidence collection tool for P2P network forensics. The tool performs active and passive monitoring by inserting a modified peer node in a P2P network that records relevant information about nodes that distribute contraband files. It logs data sent by suspicious nodes along with timestamps and unique identification information, which provides a strong, verifiable body of initial evidence. © 2012 IFIP International Federation for Information Processing.
CITATION STYLE
Myneedu, T., & Guan, Y. (2012). Evidence collection in peer-to-peer network investigations. In IFIP Advances in Information and Communication Technology (Vol. 383 AICT, pp. 215–230). https://doi.org/10.1007/978-3-642-33962-2_15
Mendeley helps you to discover research relevant for your work.