P2P Investigation
PEDRO GALLEGOS
Topics
- Overview of P2P
- Direct vs Hearsay
- Investigation Steps
- Analysis Gnutella Protocol
- RoundUp
Overview of P2P
- P2P stands for Peer-to-Peer: a way to distribute files
- Gnutella
  - Supports queries
  - Peers inform each other of files
- BitTorrent
  - Uses torrent files
  - Trackers inform the client of peers
Direct vs Hearsay
- Direct: when an investigator has a direct connection, that is, a TCP connection to a process on a remote computer, and receives information about that specific computer, that information is direct.
- Hearsay: when a process on one remote machine relays information for or about another, different machine.
Investigation Steps
- Determine Files of Interest (FOIs)
- Use P2P to find candidates
- Narrow down the candidates
- Attempt to verify possession or distribution
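An added example (not from the slides or from the RoundUp tool) that applies the direct-versus-hearsay distinction above to the "narrow down the candidates" step: each constructed observation records which host the investigator's TCP connection is with and which host the information concerns, and only hosts with at least one direct observation of a file of interest survive. The Observation record, the addresses and the hash values are assumptions made for the illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Observation:
    """One item of information gathered over a Gnutella connection (assumed layout).

    connected_ip: the remote host the investigator holds a TCP connection to
    subject_ip:   the host the information is about
    sha1:         hash of the content the subject host was reported to share
    """
    connected_ip: str
    subject_ip: str
    sha1: str


def is_direct(obs: Observation) -> bool:
    """Direct: the peer we are connected to reports about itself.
    Hearsay: that peer relays information about a different machine."""
    return obs.connected_ip == obs.subject_ip


def candidates(observations, fois):
    """Find hosts seen with a file of interest, keeping direct and hearsay
    sightings apart so the weaker hearsay data never gets mixed in."""
    result = {}
    for obs in observations:
        if obs.sha1 not in fois:
            continue
        entry = result.setdefault(obs.subject_ip, {"direct": set(), "hearsay": set()})
        entry["direct" if is_direct(obs) else "hearsay"].add(obs.sha1)
    return result


def verified_candidates(observations, fois):
    """Hosts with at least one direct sighting of an FOI; hearsay-only hosts are dropped."""
    return {ip: e for ip, e in candidates(observations, fois).items() if e["direct"]}


# Constructed sample data: documentation-range addresses and placeholder hashes.
FOIS = {"sha1-foi-A", "sha1-foi-B"}
SAMPLE = [
    Observation("203.0.113.10", "203.0.113.10", "sha1-foi-A"),  # direct: host answers about its own share
    Observation("203.0.113.20", "203.0.113.10", "sha1-foi-B"),  # hearsay: .20 relays a hit about .10
    Observation("203.0.113.20", "203.0.113.30", "sha1-foi-A"),  # hearsay: .30 is only ever reported by .20
    Observation("203.0.113.40", "203.0.113.40", "sha1-other"),  # direct, but not a file of interest
]

if __name__ == "__main__":
    for ip, entry in verified_candidates(SAMPLE, FOIS).items():
        print(ip, "direct:", sorted(entry["direct"]), "hearsay:", sorted(entry["hearsay"]))
```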
Investigation Steps Cont.
- A subpoena to the ISP is obtained
- On the basis of the evidence, obtain a search warrant
- Perform the search
Analysis Gnutella Protocol Overview
Before the warrant is obtained, it is important to gather only data that is in the public domain, through:
- Queries
- Swarming information
- Browsing a host
- File download
RoundUp
RoundUp is a tool for forensically valid investigations of the Gnutella network.
Questions?
Sources:
Forensic Investigation of Peer-to-Peer File Sharing Network. Robert Erdely, Thomas Kerle, Brian Levine, Marc Liberatore and Clay Shields. http://www.dfrws.org/2010/proceedings/2010-311.pdf