Timeline analysis in P2P Forensics

Troy Schnack wrote a blog that will help avoid many misconceptions about dates / times (DTs) in reports from both sides. It took a long time to collect various artifacts and combine the data into a chronology.


Information and technology are constantly changing. Any information is very important for law enforcement agencies. Peer-to-peer (P2P) programs are not as prevalent as they once were. Ares, eMule, Gigatribe, BitTorrent and others still show up in cases from time to time. There is a vast resource of white papers, blogs and presentations on many of these programs and how to find and decode their respective artifacts. These resources are too plentiful to list here.

The examples, concepts and information in this blog will focus mainly on Ares P2P artifacts, as it is fresh in my mind from a recent case. However, these concepts are applicable to most other studies and downloads of P2P.

 

More.