1. Windows 7 registry forensic evidence created by three popular BitTorrent clients.
- Author
-
Lallie, Harjinder Singh and Briggs, Philip James
- Subjects
MICROSOFT Windows device drivers (Computer programs) ,PEER-to-peer file sharing ,INTERNET ,PEER-to-peer architecture (Computer networks) ,COMPUTER systems ,EVIDENCE ,FORENSIC sciences ,BITTORRENT (Computer network protocol) - Abstract
Abstract: Internet file sharing via the use of peer-to-peer networks is an activity that has been growing steadily for several years. It has rapidly become the most widespread method for the exchange of digital material and as a result raises much controversy. The current, most popular protocol in this field is BitTorrent. Although it is relatively simple in most cases to link particular file sharing activities to an IP address, this does little to prove that a particular user was responsible for using the connection. This study explores three popular BitTorrent client applications, BitComet, Vuze and μTorrent and outlines the registry artefacts that are produced by the installation and use of these programs on a Windows 7 client. These artefacts are examined in detail to establish what useful evidence, if any, can be recovered from them. Relevant information is highlighted for each application. [Copyright &y& Elsevier]
- Published
- 2011
- Full Text
- View/download PDF