2010-07-30 LimeWire Made Me Do It

LimeWire Made
Me Do It
Frederick S. Lane
FSLane3@gmail.com
www.ComputerForensicsDigest.com
Federal Public Defender of Middle Tennessee and
Federal Defender Services of Eastern Tennessee, Inc.
30 July 2010
www.FrederickLane.com
And Other Digital Follies
www.ComputerForensicsDigest.com

Seminar Overview – Part I
• Introduction
• Basics of P2P Software
• Evidence of Intent
• Law Enforcement Initiatives
• P2P in the Courts
www.FrederickLane.com www.ComputerForensicsDigest.com

Seminar Overview – Part II
• Basics of File Storage and
Web Browser Caches
• “Every Breath You Take …”
• Cookie Crumbs
• Caches in the Courts

Seminar Logistics
• Ask ‘em If You’ve Got ‘em
• Download a PDF of slides:
bit.ly/a9wgM6
Survey/Feedback:
bit.ly/cfDZCY
• Email Me: FSLane3@gmail.com

Personal Background
• Computer
Forensics Expert

Personal Background
• Computer
Forensics Expert
• Author of 5 Books

Personal Background
• Computer
Forensics Expert
• Chair, Burlington
(VT) School Board

Personal Background
• Computer
Forensics Expert
(VT) School Board
• Attorney &
Lecturer

Personal Background
• Computer
Forensics Expert
(VT) School Board
• Attorney &
Lecturer
• Privacy Expert

Computer Forensics Experience
• A Decade of Computer Forensics
Experience -- United States v. Dean (1999)
• Civil and Criminal Cases
• Emphasis on Obscenity and Child
Pornography
• Training in X-Ways Forensics
• ComputerForensicsDigest.com
& Digital Dirt Blawg

• Sneakernets
“And File Sharing Begat P2P…”

• Sneakernets
• 1999 – Napster

• Sneakernets
• DMCA =
#epicfail

• Sneakernets
• DMCA =
#epicfail
• 2000 - Gnutella

• Sneakernets
• DMCA =
#epicfail
• 2000 – Gnutella
• 2009 – P2P the
largest source of
network traffic

Popular Peer-to-Peer Networks
• Gnutella, Gnutella2
• BitTorrent
• FastTrack
• KaZaA
• eDonkey
• Mininova
• Skype

Popular Peer-to-Peer Clients
• LimeWire
• FrostWire
• BitComet
• Vuze
• µTorrent
• MP3 Rocket
• BitTorrent
• Morpheus
• LimeWire Pro
• Ares Galaxy

Typical Operation of P2P Software
• Users Download Client Software and
Register for an Account
• Users Search for Specific Types of Content
• Users Click on a Search Result to Initiate
Download
• P2P Software Typically Downloads to a
“Shared” Directory
• Content Can Be Made Instantly Available to
Other Users of P2P Software

Core Issue: Extent of User Control
• Nature and Name of Downloaded
Contents
• Evidence Downloaded Files Were
“Previewed” During Download Process
• Search Terms Used
• Are Client Settings Default or
Specialized? Directories, Sharing, etc.
• Evidence of Degree of Sophistication

Example: LimeWire Setup

Federal Anti-CP Programs
• FBI Cyber Crimes Program
• Innocent Images National Initiative
• Internet Crimes Against Children (ICAC)
• National Center for Missing and Exploited
Children
• Myriad Task Forces
• Operation Fairplay (Wyoming/TLO)

Typical P2P Investigation
• Law Enforcement Officer Uses P2P Client to
Search for Contraband – Keywords &
Hashes
• Download of Possible Contraband Initiated
• P2P Client Shows IP Address of Source
• List of Files at That Source Can Be Viewed
• IP Address Is Traced to Physical Address
• Warrant Obtained for Search and Seizure of
Computer Equipment at That Address

P2P In the Courts
• An area of increasing interest for courts:
roughly 300 federal decisions involving P2P
software – only 25 or so state decisions
• Does law enforcement use of P2P client
constitute “search” of suspect’s computer?
• Questions of control and distribution by
suspect
• Enhancements under sentencing guidelines

Recent P2P Decisions
• Comcast v. F.C.C., 08-1291 (D.C. Cir. April 6,
2010) – rejecting F.C.C.’s ability to regulate
network traffic
• U.S. v. Dodd, 09-1946 (8th Cir. 2010) – P2P
supports sentencing enhancement
• U.S. v. Dyer, 589 F.3d 520 (1st Cir. 2009) – P2P
can enhance sentence for distribution
• U.S. v. Borowy, 595 F.3d 1045 (9th Cir. 2010) --
No 4th Amend. violation in LimeWire
investigation

What’s That Doing on My
Hard Drive?
• Web Browser Overview
• Web Browser Caches & Cookies
• “Every Breath You Take …”
• File Storage, Deletion, and
Recovery
• Caches in the Courts

Multiple Browsers,
Multiple Caches
• First There Was Netscape …
• Internet Explorer, Mozilla,
Opera, Google Chrome
• Safari and Mac variants
• Extract cache files or analyze
disk

Cache Value
• Small Hard Drives & Dial-Up
• Hidden Files
• Organized by User
• Thumbnails
• Is “Private Mode” Really
Private?

Other Types of Web History
• Cookies
• Directory Listings
• Email
• Network Logs
• Internet Service Providers

Distressingly Durable Data
• A Quick Overview of Computer
Forensics
• The Hardware of Data Storage
– Drives, Disks, RAM, ROM,
Flash, etc.
• Directories & Files
• I Never Metadata …

The Great Delete Myth
• Of DOS and Disks

• Sneakernets

• Sneakernets
• “Information
Wants to Be Free”

• Sneakernets
• “Information
Wants to Be Free”
• “Intriguing but
vague”

• Sneakernets
• “Information
Wants to Be Free”
• “Intriguing but
vague”
• Whole Earth
Duplication

Some Common File Questions …
• File Timestamps – Created, Last
Modified, Last Accessed?
• Is It Possible to Determine Length of
Time an Image or Video Was Viewed?
• Files Lost in Space: Allocated,
Unallocated, Slack, Other Partitions
• All Thumbs.db

Cache in the Courts
• U.S. v. Vosburgh, 08-4702 (3d Cir. April 20, 2010)
[pro-Gov.] – Thumbs.db
• U.S. v. Kain, 589 F.3d 945 (8th Cir. 2009) [pro-Gov.]
• U.S. v. Miller, 527 F.3d 54 (3rd Cir. 2008) [even]
• U.S. v. Kuchinski, 469 F.3d 853 (9th Cir. 2006); U.S.
v. Romm, 455 F.3d 990 (9th Cir. 2006) [pro-
defendant]
• U.S. v. Tucker, 305 F.3d 1193 (10th Cir. 2002) [pro-
Gov.]

Survey/Feedback
http://bit.ly/cfDZCY
(survey open until
August 6, 2010 at 5:00 p.m.)

2010-07-30 LimeWire Made Me Do It

Recomendados

Recomendados

Mais conteúdo relacionado

Mais procurados

Mais procurados (7)

Semelhante a 2010-07-30 LimeWire Made Me Do It

Semelhante a 2010-07-30 LimeWire Made Me Do It (20)

Mais de Frederick Lane

Mais de Frederick Lane (20)

Último

Último (20)

2010-07-30 LimeWire Made Me Do It