Forensic Analysis and Remote Evidence Recovery from Syncthing: An Open Source Decentralised File Synchronisation Utility

Quinn, Conor; Scanlon, Mark; Farina, Jason; Kechadi, M-Tahar

Authors: Quinn, Conor; Scanlon, Mark; Farina, Jason and Kechadi, M-Tahar

Publication Date: October 2015

Publication Name: Digital Forensics and Cyber Crime, Volume 157, Number 1, Pages 85-99

Abstract:

Commercial and home Internet users are becoming increasingly concerned with data protection and privacy. Questions have been raised regarding the privacy afforded by popular cloud-based file synchronisation services such as Dropbox, OneDrive and Google Drive. A number of these services have recently been reported as sharing information with governmental security agencies without the need for warrants to be granted. As a result, many users are opting for decentralised (cloudless) file synchronisation alternatives to the aforementioned cloud solutions. This paper outlines the forensic analysis and applies remote evidence recovery techniques for one such decentralised service, Syncthing.

Download:

BibTeX Entry:

@Inbook{quinn2015syncthingforensics,
author={Quinn, Conor and Scanlon, Mark and Farina, Jason and Kechadi, M-Tahar},
title="{Forensic Analysis and Remote Evidence Recovery from Syncthing: An Open Source Decentralised File Synchronisation Utility}",
booktitle="Digital Forensics and Cyber Crime",
month="10",
year="2015",
volume="157",
number="1",
series={Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering},
editor={James, Joshua I. and Breitinger, Frank},
doi="10.1007/978-3-319-25512-5_7",
url="http://dx.doi.org/10.1007/978-3-319-25512-5_7",
publisher="Springer International Publishing",
keywords="Syncthing; Digital forensics; Remote forensics; Network analysis; Evidence recovery",
pages="85-99",
isbn="978-3-319-25511-8",
abstract="Commercial and home Internet users are becoming increasingly concerned with data protection and privacy. Questions have been raised regarding the privacy afforded by popular cloud-based file synchronisation services such as Dropbox, OneDrive and Google Drive. A number of these services have recently been reported as sharing information with governmental security agencies without the need for warrants to be granted. As a result, many users are opting for decentralised (cloudless) file synchronisation alternatives to the aforementioned cloud solutions. This paper outlines the forensic analysis and applies remote evidence recovery techniques for one such decentralised service, Syncthing."
}