Scribd Logo
Fazer o upload

Bem-vindo(a) ao Scribd!

  • Fileshareforensics - in Depth With P2P: Powered by SMF 1.1.11 - SMF © 2006-2009, Simple Machines LLC

    Enviado por

    jformica
    118 visualizações1 página
    This document summarizes key forensic evidence that can be extracted from the peer-to-peer file sharing application Grokster version 1.70. It details the default installation location and registry settings that indicate sharing status and shared folders. Other files like download logs, playback logs, and download databases are mentioned. Specialized forensic software like KaZAlyser can retrieve additional details from these files like previously shared/downloaded files, partial download sources, and search histories. The full contents of the shared resources and download databases along with the Grokster registry key are needed for forensic analysis.

    Descrição original:

    Forensic analysis of Grokster version170

    Título original

    Grokster v.170

    Direitos autorais

    © Attribution Non-Commercial (BY-NC)

    Formatos disponíveis

    PDF, TXT ou leia online no Scribd

    Você considera este documento útil?

    Este conteúdo é inapropriado?

    Denunciar este documento
    This document summarizes key forensic evidence that can be extracted from the peer-to-peer file sharing application Grokster version 1.70. It details the default installation location and registry settings that indicate sharing status and shared folders. Other files like download logs, playback logs, and download databases are mentioned. Specialized forensic software like KaZAlyser can retrieve additional details from these files like previously shared/downloaded files, partial download sources, and search histories. The full contents of the shared resources and download databases along with the Grokster registry key are needed for forensic analysis.

    Direitos autorais:

    Attribution Non-Commercial (BY-NC)
    Baixe no formato PDF, TXT ou leia online no Scribd
    Sinalizar o conteúdo como inadequado
    118 visualizações1 página

    Fileshareforensics - in Depth With P2P: Powered by SMF 1.1.11 - SMF © 2006-2009, Simple Machines LLC

    Enviado por

    jformica
    This document summarizes key forensic evidence that can be extracted from the peer-to-peer file sharing application Grokster version 1.70. It details the default installation location and registry settings that indicate sharing status and shared folders. Other files like download logs, playback logs, and download databases are mentioned. Specialized forensic software like KaZAlyser can retrieve additional details from these files like previously shared/downloaded files, partial download sources, and search histories. The full contents of the shared resources and download databases along with the Grokster registry key are needed for forensic analysis.

    Direitos autorais:

    Attribution Non-Commercial (BY-NC)
    Baixe no formato PDF, TXT ou leia online no Scribd
    Sinalizar o conteúdo como inadequado
    de 1

    Fileshareforensics - in depth with P2P

    P2P applications => Grokster => Topic started by: Soren Christensen on May 11, 2007, 11:27:50 AM

    Title: Grokster v. 1.70 Post by: Soren Christensen on May 11, 2007, 11:27:50 AM Default installation path The program installs by default at "C:\Program Files\Grokster" and sets up the folder "C:\My Downloads" as shared with other users Windows registry settings In the Windows registry there are interesting settings to be found. The settings can be found in then "NTUSER.DAT" file (WinXP/W2K) or "SYSTEM.DAT" (Win9x). In the subkey "Software" - "Grokster" - "LocalContent" is the following keys to be found: * DisableSharing (value "0" indicates sharing is on - value "1" indicates sharing is off * Dir0 (indicates the download/share directory. More Dir keys indicates further shared folders

    Other files of "interest" * np.tmp (contains information's on what film clips has been played in Grokster's internal viewer) * *.dbb filer (contains information's on which files has been downloaded by the program)

    It is possible to examine the Grokster files further by using special software - e.g. KaZAlyser (by Sanderson Forensics). By using KaZAlyser it is possible to retrieve information's on the content of the shared resources, what files previously has been downloaded and been accessible to other users, IP-addresses of the "providers" of partially downloaded files etc. There is also a utility to recognize known child pornographic files (by hash value) - also for files, that has been deleted (the hash-value is stored in the .dbb file). It is also possible to read the last 50 searchterms used in Grokster (the information's are stored encrypted in the registry) If you want to use this software you need the folowing files:

    * All ".dbb" files * The whole "Grokster-key" from the registry * The whole physical content of shared resources Installation file: Grokster v. 1.70 (http://fileshareforensics.org//forum/installfiles/grokster/v170/grokstersetup.zip) Screenshots: (http://fileshareforensics.org/forum/screenshots/grokster/v170/Image1.jpg) (http://fileshareforensics.org/forum/screenshots/grokster/v170/Image2.jpg)

    Powered by SMF 1.1.11 | SMF 2006-2009, Simple Machines LLC

    Você também pode gostar