利用权力下放扩大数字证据获取窗口:BitTorrent同步案例研究 (Leveraging Decentralization to Extend the Digital Evidence Acquisition Window: Case Study on BitTorrent Sync)

from arxiv, Special Issue on Proc. of Sixth International Conference on Digital Forensics & Cyber Crime, ICDF2C'14, Journal of Digital Forensics, Security and Law, Vol 9, No 2, September 2014

File synchronization services such as Dropbox, Google Drive, Microsoft OneDrive, Apple iCloud, etc., are becoming increasingly popular in today's always-connected world. A popular alternative to the aforementioned services is BitTorrent Sync. This is a decentralized/cloudless file synchronization service and is gaining significant popularity among Internet users with privacy concerns over where their data is stored and who has the ability to access it. The focus of this paper is the remote recovery of digital evidence pertaining to files identified as being accessed or stored on a suspect's computer or mobile device. A methodology for the identification, investigation, recovery and verification of such remote digital evidence is outlined. Finally, a proof-of-concept remote evidence recovery from BitTorrent Sync shared folder highlighting a number of potential scenarios for the recovery and verification of such evidence.

翻译：文件同步服务, 如 Droppox、 Google 驱动器、 Microsoft OneDrive、 Apple iCloud 等, 在当今一直相连的世界中越来越受欢迎。对上述服务的流行替代办法是 BitTorrent Sync 。这是一个分散/无云文件同步服务,在互联网用户中越来越受欢迎,他们对数据储存地点和谁有能力访问这些数据有隐私问题。本文的重点是远程检索与被确认为进入或存储在嫌疑人的计算机或移动设备上的文件有关的数字证据。概述了识别、调查、恢复和核实这种远程数字证据的方法。最后, 概述了从 BitTorrent Sync 共享文件夹中提取概念证据的证明远程证据, 强调了恢复和核实这类证据的一些可能情形。