|
|
 |
|
Do Current Erasure Programs Remove Evidence of BitTorrent Activity?
Andrew Woodward
Craig Valli
Abstract This research in progress aims to evaluate the effectiveness of commercial programs to erase traces of the use of BitTorrent software. The erasure programs MaxErase, P2PDoctor, Privacy Suite, Window Washer and R-Clean and Wipe were used on a machine that had used the BitTorrent client Azureus to download two torrent files. The drive was imaged and then searched for torrent files. The registry was also examined on the source machine. The program R-Clean and Wipe left evidence in both the registry and the image of the name and type of files that had been downloaded with this software. Of greater concern was that the software MaxErase, P2PDoctor, Window Washer and Privacy Suite claimed to erase evidence of P2P activity, but did not remove evidence of torrent activity. Current erasure tools do not appear to be effective at removing traces of BitTorrent activity. Keywords: P2P, BitTorrent, file sharing, erasure software
|
Copyright © 2008 Association of Digital Forensics, Security and Law (ADFSL)