Forensic Investigation of P2P Cloud Storage: BitTorrent Sync as a Case Study
This provides forensic practitioners with insights into artefacts from P2P cloud storage, aiding IoT evidence collection, but it is incremental as it applies existing forensic methods to a specific case study.
The paper investigated data remnants from using BitTorrent Sync version 2.0 across multiple devices and operating systems, finding that artefacts related to installation, uninstallation, log-in, log-off, and file synchronisation could be recovered, which are potential sources for IoT forensics.
Cloud computing has been regarded as the technology enabler for the Internet of Things (IoT). To ensure the most effective collection of IoT-based evidence, it is vital for forensic practitioners to possess a contemporary understanding of the artefacts from different cloud services. In this paper, we seek to determine the data remnants from the use of BitTorrent Sync version 2.0. Findings from our research using mobile and computer devices running Windows 8.1, Mac OS X Mavericks 10.9.5, Ubuntu 14.04.1 LTS, iOS 7.1.2, and Android KitKat 4.4.4 suggested that artefacts relating to the installation, uninstallation, log-in, log-off, and file synchronisation could be recovered, which are potential sources of IoT forensics. We also present a forensically sound investigation methodology for BitTorrent Sync.