BitTorrent Sync Application


Summary

As private and professional internet users have become increasingly concerned with privacy and data protection, the privacy afforded by popular cloud file synchronization services such as Google Drive, Dropbox and OneDrive has come under considerable scrutiny in the press.

Some of these services have been reported in the recent past to share their information with government intelligence agencies without warrants. BitTorrent Sync has been seen by many people as an alternative, and by 2014 it already had 3 million users.

The service is fully decentralized and provides most of the same functionality and synchronization as cloud computing services. It encrypts data in transmission and, optionally, for remote storage.

Understanding BitTorrent Sync and its implications for digital investigations is critical for law enforcement and forensic investigators in future evaluations. With the rise in home user bandwidth and the growth in professional and non-professional computing power, the volume of data created by computers is increasing.

For users of mobile devices, accessing this data has been difficult. With faster connectivity and more widely available internet access, the notions of resilient storage, high availability and off-site backup have moved out of a domain that was mainly the preserve of large corporations and have rapidly become popular with computer users and everyday data consumers.

Applications like Dropbox and Evernote take advantage of the falling cost of hard disk storage seen at Storage as a Service (SaaS) providers, for instance Amazon S3. The key advantage of services like Apple iCloud, Dropbox, Microsoft OneDrive and Google Drive is that users' data is stored in what is essentially an extension of their machines, with no user interaction needed after installation.

This is backed by a fully distributed data center model that is well beyond the financial reach of the ordinary consumer. The data can be accessed on various devices without reformatting partitions or wasting space by creating a copy of each file for every device. Dropbox and a number of other services have offline applications that allow data to be synchronized to local folders for offline access.

Each of these services can be categorized as a cloud synchronization service. This means that while data is synchronized between user machines, a copy of the data is also stored remotely in the cloud. Most of this data can be freely accessed by government intelligence without a warrant. BitTorrent Sync, by contrast, offers this functionality without cloud storage and is thus believed to be the best option.

Given its advantages, the BitTorrent Sync application is now popular with those who want to replicate and synchronize their files. By the end of 2013 it had attracted 2 million users. This work contributes a forensic evaluation of the BitTorrent Sync client application: the remnants it leaves upon installation, its behavior, and its artifacts. An evaluation of the network traffic sequence and the file interactions that form part of this process is also included.

This information can be of use to digital forensic investigators if BitTorrent Sync is installed on machines that are under investigation. It can be used to recover lost data, modify this data, or locate where it has been synchronized to.

Knowing how BitTorrent Sync operates can point a digital investigation in the right direction, towards additional remote machines where more relevant data may be replicated. This is applicable to several kinds of crime investigation, including industrial espionage, malicious software distribution and the sharing of child exploitation material. The crime under investigation determines whether the remote machines are likely to be owned and operated by one suspect or by a group with a common goal.

The protocol is powerful because of the way it uses file parts, where each file can be manipulated and controlled separately. Because BitTorrent Sync at times uses a DHT in data transfers, there is no central authority that can be used to manage data authentication. Suspect files found on a system could have been downloaded from several sources and uploaded to several recipients.

Analysis

There are three distinct settings that determine the resources used in peer discovery as well as the path available for transmitting traffic. BitTorrent Sync uses peer discovery techniques similar to those of the ordinary BitTorrent protocol. The local peer discovery packet contains a BSYNC header and a ping message type, which includes the 20-byte shared ID of the advertised share and the IP address and port of the sending host.

LAN hosts that receive the packet drop it if they have no interest in the shared ID. Hosts that are interested respond with a UDP packet to the advertised port. This response lacks a BSYNC header, and its data field contains only the responding peer's ID.
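An added example, not from the original essay or the BitTorrent Sync project: a triage parser that pulls the share ID and sender address out of local peer discovery payloads and groups the announcing hosts by share. The `BSYNC` plus NUL framing, the bencoded dictionary and the key names `m`, `share` and `la` are assumptions about the wire layout, which the text does not specify; the sample payloads are constructed.

```python
MAGIC = b"BSYNC\x00"  # assumption: header text plus one NUL, then a bencoded dict

def bdecode(buf, i=0):
    """Decode one bencoded value starting at buf[i]; return (value, next index)."""
    c = buf[i:i + 1]
    if c == b"i":
        end = buf.index(b"e", i)
        return int(buf[i + 1:end]), end + 1
    if c in (b"l", b"d"):
        items, i = [], i + 1
        while buf[i:i + 1] != b"e":  # running off the end raises ValueError below
            item, i = bdecode(buf, i)
            items.append(item)
        if c == b"l":
            return items, i + 1
        return dict(zip(items[0::2], items[1::2])), i + 1
    colon = buf.index(b":", i)  # anything else must be a <length>:<bytes> string
    start, n = colon + 1, int(buf[i:colon])
    if n < 0 or start + n > len(buf):
        raise ValueError("truncated string")
    return buf[start:start + n], start + n

def parse_lan_ping(payload):
    """Return (share_id_hex, ip, port) for a BSYNC ping, else None."""
    if not payload.startswith(MAGIC):
        return None
    try:
        msg, _ = bdecode(payload, len(MAGIC))
    except (ValueError, TypeError, RecursionError):
        return None  # malformed capture data is skipped
    if not isinstance(msg, dict) or msg.get(b"m") != b"ping":
        return None
    share, la = msg.get(b"share"), msg.get(b"la")  # assumed keys: share ID, IPv4 + port
    if not (isinstance(share, bytes) and isinstance(la, bytes) and (len(share), len(la)) == (20, 6)):
        return None
    return share.hex(), ".".join(map(str, la[:4])), int.from_bytes(la[4:], "big")

def hosts_by_share(payloads):
    """Group announcing (ip, port) pairs by the share ID they advertise."""
    seen = {}
    for share, ip, port in filter(None, map(parse_lan_ping, payloads)):
        seen.setdefault(share, set()).add((ip, port))
    return seen

# Constructed sample payloads (not captured traffic): two announces, one truncated.
SHARE = bytes(range(20))
SAMPLES = [MAGIC + b"d2:la6:" + bytes([192, 168, 1, h]) + (44321).to_bytes(2, "big")
           + b"1:m4:ping5:share20:" + SHARE + b"e" for h in (10, 23)] + [MAGIC + b"d1:m4:pi"]
```

Feeding `hosts_by_share` the UDP payloads extracted from a capture gives, per share ID, the set of LAN hosts that advertised it, which is the starting point for locating further replicas.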

The three IP addresses are hosted on Amazon's EC2 cloud service. The client sends a get peers request to the tracker server. On receiving this request, the tracker adds the client's IP address to a list of active peers available for that specific shared ID. Because the client requests this list by virtue of the secret it holds, the server's response always has one active peer, which is the requesting client's own information.

Clients can also perform peer discovery through a Distributed Hash Table (DHT). With this option, peers register their details using the secret and the port. Users who choose this option avoid relying on any kind of tracking server, but they may find peer discovery slow.

The option of using predefined hosts is the last and undetectable technique of peer discovery. The user can add a list of IP address and port combinations to the share preferences. The peers on this list can be contacted directly without the need to look for a BSYNC packet with a ping message type. As with peer discovery methods, BTSync permits the user to combine several options that affect the manner in which data is transferred between peers. If no options are set, the seeding host attempts to communicate directly with the replication target.

Forensic analysis of these utilities is problematic. Unless there is a complete, up-to-date local synchronization, the full picture of the data could reside in temporary files, multiple data centers and volatile storage, for instance the system's RAM.

Any digital forensic evaluation of these systems should pay particular attention to the access method. This is mainly the internet browser that connects to the service provider's access page. This temporary access highlights the importance of live forensic methods when investigating a suspect machine.

If power is disconnected from the suspect's machine, investigators will lose more than access to the client's open documents; they will also lose authentication data held in RAM, such as passwords. There is a further approach to forensics in cloud storage investigations. This entails access through the complete client application, regardless of whether the user has interfered with it.

Anti-forensic attempts could be made by deleting synchronized folders and uninstalling the application. When Dropbox is used with its client application, it creates a local folder and synchronizes the contents stored in it with an online duplicate of the folder. Dropbox usually provides 2GB of storage space for free, with the option of buying more.

OneDrive is meant to be an entirely online storage facility, with the option of synchronizing copies of files to a folder on the client. Most cloud storage facilities offer a synchronization method that involves some kind of periodic checking to establish whether changes have been made to the versions viewed locally. They can also compare online and offline copies when communication is re-established.

As with peer discovery methods, BitTorrent Sync enables users to configure several options that affect the manner in which data is transferred from one peer to another. The seeding host attempts to communicate directly with the replication target. Traffic is encrypted by default if it travels outside the local LAN. There is an option in the application preferences to enable LAN encryption if the user prefers it.

Communication between hosts may be blocked when they are on different networks protected by firewalls, or on LAN segments that are locked down by inbound access controls.

When a seeder creates a share, a master key is generated. It is essentially the all-access key that permits the share owner to modify, add or remove the share contents. The only case in which this key can be distributed to someone else is when that person becomes a trusted collaborator. The read-only key permits the receiving user to read the synchronized data but not to modify the source contents in any way.

When trying to recover lost data, investigators may find that BitTorrent Sync has been installed on a machine. As a result of anti-forensic measures, a number of files may not be recoverable from the local hard disk. If the secret for a share is recovered, synchronizing with the suspect's secret is likely to help forensic investigators recover the lost information from any nodes in the share that are still active.

Ordinary forensic analysis of file systems tends to identify synchronized artifacts left behind by a given share, along with those of subsequent data synchronization. The collected data should be stored in a digital evidence bag.
