Node-Based Probing and Monitoring to Investigate Use of Peer-to-Peer Technologies for Distribution of Contraband Material

We consider the requirements for node-based probing and monitoring for network forensic investigation of the use of peer-to-peer technologies for distribution of contraband material. The architecture of peer-to-peer (P2P) data exchanges must be examined for opportunities to capture data on the transfer of contraband data with a focus on node structures in P2P exchanges. This examination is of technical, social and legal aspects of P2P use leading to the design and testing offorensically-sound investigative tools and protocols. Computational research must examine: 1. Undercover Node-based Probing and Monitoring to Build an Approximate Model of Network Activity 2. Flagging Contraband Content (keyword, hashes, other patterns) 3. Evaluation against different recipient querying, distribution and routing cases 4. Using the Evaluation results to fine-tune the node positioning strategy Legal and social research is needed to examine the U.S. and transnational legal constraints on the use of particular tools and the presence of possible behavioral signatures.