BitTorrent Sync: First Impressions and Digital Forensic Implications

Note: Since this publication, BitTorrent Sync has been rebranded as Resilio Sync.

Authors: Farina, Jason; Scanlon, Mark and Kechadi, M-Tahar

Publication Date: March 2014

Publication Name: Digital Investigation

Abstract:

With professional and home Internet users becoming increasingly concerned with data protection and privacy, the privacy afforded by popular cloud file synchronisation services, such as Dropbox, OneDrive and Google Drive, is coming under scrutiny in the press. A number of these services have recently been reported as sharing information with governmental security agencies without warrants. BitTorrent Sync is seen as an alternative by many and has gathered over two million users by December 2013 (doubling since the previous month). The service is completely decentralised, offers much of the same synchronisation functionality of cloud powered services and utilises encryption for data transmission (and optionally for remote storage). The importance of understanding BitTorrent Sync and its resulting digital investigative implications for law enforcement and forensic investigators will be paramount to future investigations. This paper outlines the client application, its detected network traffic and identifies artefacts that may be of value as evidence for future digital investigations.

BibTeX Entry:

@article{Farina2014S77,
title = "BitTorrent Sync: First Impressions and Digital Forensic Implications",
journal = "Digital Investigation",
volume = "11, Supplement 1",
number = "1",
pages = "S77-S86",
year = "2014",
month = "03",
note = "Proceedings of the First Annual {DFRWS} Europe",
issn = "1742-2876",
doi = "10.1016/j.diin.2014.03.010",
url = "http://www.sciencedirect.com/science/article/pii/S1742287614000152",
author = "Farina, Jason and Scanlon, Mark and Kechadi, M-Tahar",
keywords = "BitTorrent, Sync, Peer-to-Peer, Synchronisation, Privacy, Digital forensics",
abstract="With professional and home Internet users becoming increasingly concerned with data protection and privacy, the privacy afforded by popular cloud file synchronisation services, such as Dropbox, OneDrive and Google Drive, is coming under scrutiny in the press. A number of these services have recently been reported as sharing information with governmental security agencies without warrants. BitTorrent Sync is seen as an alternative by many and has gathered over two million users by December 2013 (doubling since the previous month). The service is completely decentralised, offers much of the same synchronisation functionality of cloud powered services and utilises encryption for data transmission (and optionally for remote storage). The importance of understanding BitTorrent Sync and its resulting digital investigative implications for law enforcement and forensic investigators will be paramount to future investigations. This paper outlines the client application, its detected network traffic and identifies artefacts that may be of value as evidence for future digital investigations."
}