Robert Erdely Pennsylvania State Police (Retired) Indiana County Detectives Bureau.
ICACCops.com / RoundUp Investigative Tools
P2P Networks
• Ares - aresgalaxy.sourceforge.net/
• Bittorrent - www.bittorrent.com/
• eMule
• Freenet – www.freenetproject.org/
• Gigatribe - www.gigatribe.com
• Gnutella - www.shareaza.com/
• Gnutella2 - www.shareaza.com/
• IRC – www.mirc.com
Why Investigate P2P?
• Peer to peer (P2P) file sharing networks are frequently used to obtain and trade digital files of child pornography.
• These files include both image and movie files. These files range from commercially produced to homemade.
• Easy to identify computers sharing files
• These investigations often lead to the identification of offenders actively abusing children.
What is Peer to Peer file sharing?
Peer to Peer (P2P) file sharing programs are a standard way to transfer files from one computer system to another while connected to a network, usually the Internet.
Many P2P file sharing programs are Open Source.
P2P File Sharing Programs
Peer-to-Peer file sharing programs allow groups of computers using the same file sharing network (i.e. Ares, Bittorrent, etc.) and protocols to connect directly to each other to share files.
Why P2P file sharing networks are so “efficient”:
• Fault Tolerance is built in: if the connection with one source fails, you will be connected to another
• Load Balancing: if a source becomes too busy, you will be connected to another one
• Redundancy: there is more than one source for the same file
P2P File Sharing Programs
• File Swarming
◦ You get a file from multiple sources and you will continually try to find more sources for that file
• IP addresses
◦ Identifies the computers that have the files and the ones that want the files
• File Hashing
◦ SHA-1 / MD4 hash uniquely identifies the target file, the exact file that one is looking for
P2P File Sharing Programs
Four Investigative Obstacles to Overcome:
1) P2P Clients are Geographically Indiscriminate – they gather candidates and files throughout the world
◦ Regionalize investigations with Maxmind/Icaccops website
2) File names may be misleading or inaccurate
◦ Uses hash values to identify prosecutable files
3) Files transferred from multiple sources
◦ RoundUp Investigative Tools are restricted to single source downloads
4) IP addresses/Hash values not displayed in the typical clients
◦ RoundUp Tools displays important information in the user interface
A hash function, also known as a message digest, digital fingerprint, or compression function, is a mathematical function that takes a variable-length input string and converts it into a fixed-length value.
A hash function is designed in such a way that it is impossible to reverse the process, that is, to find a string that hashes to a given value.
Hash Algorithms
MD4 (Message Digest) hash takes up 16 bytes, which is 128 bits, and can be expressed as 32 hexadecimal characters
SHA1 (Secure Hash Algorithm) hash takes up 20 bytes, which is 160 bits, and can be expressed as 40 hexadecimal characters or as 32 characters (Base32).
See http://www.itl.nist.gov/fipspubs/fip180-1.htm to learn more about the Secure Hash Standard.
Commonly Used Hash Functions
• MD5
◦ 4928F86198AAE657859CFA7DF73A588F
• SHA1
◦ LV4UPCZLORG5TWROSRWDIZNIW7SS2345
◦ 5D79478B2B744DD9DA268BA5119EC3465A8B
• MD4
◦ 16DEB62F7D9D711321A40DF0233DC96A
(all of the above are taken from the same file)
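The digest sizes and encodings described above matter when hash values from different tools have to be compared: a SHA-1 may arrive as 40 hex or 32 Base32 characters, and a 32-character string may equally be a 128-bit hex digest. The following Python sketch is an added example, not part of the original slides or of any investigative tool; its function names are hypothetical, and MD4 is left out of the hashing calls because its availability in `hashlib` depends on the local OpenSSL build.

```python
import base64
import hashlib
import io

HEX = set("0123456789ABCDEF")
B32 = set("ABCDEFGHIJKLMNOPQRSTUVWXYZ234567")  # RFC 4648 Base32 alphabet

def hash_stream(stream, algorithm, chunk_size=65536):
    """Hash a binary stream in chunks so a large file never sits in memory."""
    h = hashlib.new(algorithm)
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        h.update(chunk)
    return h.digest()

def hash_bytes(data, algorithm):
    return hash_stream(io.BytesIO(data), algorithm)

def to_hex(digest):
    return digest.hex().upper()

def to_base32(digest):
    return base64.b32encode(digest).decode("ascii")

def classify(text):
    """List every (digest family, encoding) a hash string could be."""
    s = text.strip().upper()
    out = []
    if len(s) == 32 and set(s) <= HEX:
        out.append(("128-bit (MD4/MD5)", "hex"))
    if len(s) == 40 and set(s) <= HEX:
        out.append(("SHA-1", "hex"))
    if len(s) == 32 and set(s) <= B32:
        out.append(("SHA-1", "base32"))
    return out

def sha1_bytes(text):
    """Decode a SHA-1 written as 40 hex or 32 Base32 characters to 20 bytes."""
    s = text.strip().upper()
    if len(s) == 40 and set(s) <= HEX:
        return bytes.fromhex(s)
    if len(s) == 32 and set(s) <= B32:
        return base64.b32decode(s)
    raise ValueError("not a well-formed SHA-1 value")

if __name__ == "__main__":
    sample = b"constructed sample contents\n" * 1000  # stands in for a file
    d = hash_bytes(sample, "sha1")
    print(to_hex(d), to_base32(d), classify(to_base32(d)))
```

A string that `classify` reports under more than one entry cannot be attributed to an algorithm from its text alone, so hash lists should record the algorithm and encoding alongside each value.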
Hash Algorithms
What are the Odds?
Odds that 2 DIFFERENT files will have the same hash value
Method: Odds of a Match
DNA (RFLP analysis): One in 100 billion [1] (100,000,000,000)
MD5 (128 bit): One in 340 undecillion (340,282,366,920,938,000,000,000,000,000,000,000,000)
SHA1 (160 bit): One in a quindecillion (1,461,501,637,330,900,000,000,000,000,000,000,000,000,000,000,000)
[1] Excluding monozygotic (fraternal) twins, which are 0.2% of the human population
2 hours of activity
Training Availability
Each P2P File sharing network has a Law Enforcement investigative tool available.
Training is required to use the investigative tool.
The National Criminal Justice Training Center delivers training throughout the United States and can provide training on these tools as well as many other investigative areas
www.ncjtc.org.
Thank you
Law Enforcement can request an account at:
www.icaccops.com/users
Robert Erdely [email protected]
+1 (484) 727-8283
Thomas [email protected]