Forensic Investigation of Peer-to-Peer Networks

Ricci S.C. Ieong (The University of Hong Kong, Hong Kong), Pierre K.Y. Lai (The University of Hong Kong, Hong Kong), K. P. Chow (The University of Hong Kong, Hong Kong), Michael Y.K. Kwan (The University of Hong Kong, Hong Kong) and Frank Y.W. Law (The University of Hong Kong, Hong Kong)
DOI: 10.4018/978-1-60566-836-9.ch015
The community of peer-to-peer (P2P) file-sharing networks has been expanding swiftly since the appearance of the very first P2P application (Napster) in 2001. These networks are famous for their excellent file transfer rates and, adversely, for the flooding of copyright-infringing digital materials. Recently, a number of documents containing personal data or sensitive information have been shared in an unbridled manner over the Foxy network (a popular P2P network in Chinese regions). These incidents have urged the authors to develop an investigation model for tracing suspicious P2P activities. Unfortunately, hindered by the distributed design and anonymous nature of these networks, P2P investigation can be practically difficult and complicated. In this chapter, the authors briefly review the characteristics of current P2P networks. By observing the behaviors of these networks, they propose some heuristic rules for identifying the first uploader of a shared file. The rules have also been demonstrated to be applicable to some simulated cases. The authors believe their findings provide a foundation for future development in the investigation of P2P file-sharing networks.
More about P2P File Sharing Networks

In this section, we will briefly describe the mainstream classifications and take a few popular networks as examples for illustrating the differences.

Key Terms in this Chapter

Resource link-based network: A resource link-based network is a P2P network where files are being announced to interested downloaders by providing a resource link locator.

Peer: A peer represents a P2P user/client program in a P2P network. After a P2P client is initiated, it will be connected to the P2P network as one of the participants. It can become an uploader or downloader in the network. Therefore, we use the term peer to represent all types of participants regardless of their functions in the network. In Gnutella, peers are also called “servents”.

Resource link locator: A resource link locator (or resource locator) is a URL or a file which provides the necessary information for a peer to download the shared file.

Client: A software program which implements certain P2P protocol(s) and acts as an interface between a user and the P2P network.

Resources locating: With resources scattered over an enormous number of peers on the network, resources locating is the process of locating a file shared and published by another uploader.

Requester: A requester is a peer that searches for or requests a particular file. A requester may only search and locate the file but not proceed to download the file.

Search-based network: P2P networks where files are located by searching through queries in the network are known as search-based networks.

Downloader: A downloader is a peer that downloads a file and does not have the complete content of that file locally.

Seeding peer: A seeding peer is a peer who connects to the network with the complete file and offers it to others to download.

Ultrapeer: An ultrapeer is a peer which acts as a virtual server in a P2P network for linking some other peers together to form the network. This term is used in the Gnutella and Gnutella 2 networks. It is used for detecting the status of peers and for transferring query requests/responses to peers that possibly possess the requested file content. It performs a function similar to that of a supernode in FastTrack networks.

Uploader: A peer who is uploading a file or part of a file to a P2P network.

P2P file-sharing network: A P2P network is a network of peers using the same P2P protocol for file-sharing.

First uploader: The first uploader of a certain file is the first peer who uploads the file to the P2P network. It must be the first seeding peer in the network. Also known as initial uploader, originator or first seeding peer.

