Proposal / Submission Type
Peer Reviewed Paper
Location
Arlington, Virginia
Abstract
This research in progress aims to evaluate the effectiveness of commercial programs to erase traces of the use of BitTorrent software. The erasure programs MaxErase, P2PDoctor, Privacy Suite, Window Washer and R-Clean and Wipe were used on a machine that had used the BitTorrent client Azureus to download two torrent files. The drive was imaged and then searched for torrent files. The registry was also examined on the source machine. The program R-Clean and Wipe left evidence in both the registry and the image of the name and type of files that had been downloaded with this software. Of greater concern was that the software MaxErase, P2PDoctor, Window Washer and Privacy Suite claimed to erase evidence of P2P activity, but did not remove evidence of torrent activity. Current erasure tools do not appear to be effective at removing traces of BitTorrent activity.
Keywords: P2P, BitTorrent, file sharing, erasure software
Scholarly Commons Citation
Woodward, Andrew and Valli, Craig, "Do Current Erasure Programs Remove Evidence of BitTorrent Activity?" (2007). Annual ADFSL Conference on Digital Forensics, Security and Law. 2.
https://commons.erau.edu/adfsl/2007/session-10/2
Included in
Computer Engineering Commons, Computer Law Commons, Electrical and Computer Engineering Commons, Forensic Science and Technology Commons, Information Security Commons
Do Current Erasure Programs Remove Evidence of BitTorrent Activity?
Arlington, Virginia
This research in progress aims to evaluate the effectiveness of commercial programs to erase traces of the use of BitTorrent software. The erasure programs MaxErase, P2PDoctor, Privacy Suite, Window Washer and R-Clean and Wipe were used on a machine that had used the BitTorrent client Azureus to download two torrent files. The drive was imaged and then searched for torrent files. The registry was also examined on the source machine. The program R-Clean and Wipe left evidence in both the registry and the image of the name and type of files that had been downloaded with this software. Of greater concern was that the software MaxErase, P2PDoctor, Window Washer and Privacy Suite claimed to erase evidence of P2P activity, but did not remove evidence of torrent activity. Current erasure tools do not appear to be effective at removing traces of BitTorrent activity.
Keywords: P2P, BitTorrent, file sharing, erasure software
Comments
Session Chair: Gary Kessler