Skip to main content
Springer Nature Link
Log in

Forensic Analysis and Remote Evidence Recovery from Syncthing: An Open Source Decentralised File Synchronisation Utility

  • Conference paper
  • First Online:
Digital Forensics and Cyber Crime (ICDF2C 2015)

Included in the following conference series:

  • 1404 Accesses

Abstract

Commercial and home Internet users are becoming increasingly concerned with data protection and privacy. Questions have been raised regarding the privacy afforded by popular cloud-based file synchronisation services such as Dropbox, OneDrive and Google Drive. A number of these services have recently been reported as sharing information with governmental security agencies without the need for warrants to be granted. As a result, many users are opting for decentralised (cloudless) file synchronisation alternatives to the aforementioned cloud solutions. This paper outlines the forensic analysis and applies remote evidence recovery techniques for one such decentralised service, Syncthing.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

References

  1. Greenwald, G., MacAskill, E.: NSA prism program taps in to user data of apple, google and others. Guardian 7(6), 1–43 (2013)

    Google Scholar 

  2. Pounds, E.: Introducing BitTorrent Sync 1.4: An Easier Way to Share Large Files (2014). http://blog.bittorrent.com/2014/08/26/introducing-bittorrent-sync-1-4-an-easier-way-to-share-large-files/. Accessed April 2015

  3. Scanlon, M., Farina, J., Le Khac, N.-A., Kechadi, M.-T.: Leveraging Decentralisation to Extend the Digital Evidence Acquisition Window: Case Study on BitTorrent Sync, pp. 85–99, September 2014

    Google Scholar 

  4. Borg, J.: SyncThing (2015). http://www.syncthing.net. Accessed April 2015

  5. Farina, J., Scanlon, M., Kechadi, M.-T.: Bittorrent sync: first impressions and digital forensic implications. Digital Invest. 11(Suppl. 1), S77–S86 (2014). Proceedings of the First Annual {DFRWS} Europe

    Article  Google Scholar 

  6. Quick, D., Choo, K.-K.R.: Dropbox analysis: data remnants on user machines. Digital Invest. 10(1), 3–18 (2013)

    Article  Google Scholar 

  7. Quick, D., Choo, K.-K.R.: Digital droplets: microsoft skydrive forensic data remnants. Future Gener. Comput. Syst. 29(6), 1378–1394 (2013). Including Special sections: High Performance Computing in the Cloud and Resource Discovery Mechanisms for P2P Systems

    Article  Google Scholar 

  8. Quick, D., Choo, K.-K.R.: Google drive: forensic analysis of data remnants. J. Netw. Comput. Appl 40, 179–193 (2013)

    Article  Google Scholar 

  9. Quick, D., Choo, K.-K.R.: Forensic collection of cloud storage data: does the act of collection result in changes to the data or its metadata? Digital Invest. 10(3), 266–277 (2013)

    Article  Google Scholar 

  10. Federici, C.: Cloud data imager: a unified answer to remote acquisition of cloud storage areas. Digital Invest. 11(1), 30–42 (2014)

    Article  Google Scholar 

  11. Reddit. SyncThing: Open Source BitTorrent Sync Alternative (P2P Sync Tool) (2015). http://www.webupd8.org/2014/06/syncthing-open-source-bittorrent-sync.html. Accessed April 2015

  12. Borg, J.: SyncThing: Block Exchange Protocol (2015). https://github.com/syncthing/specs/blob/master/BEPv1.md. Accessed April 2015

  13. Borg, J.: SyncThing: Config File and Directory (2015). https://github.com/syncthing/syncthing/wiki/Config-File-and-Directory. Accessed April 2015

  14. Borg, J.: SyncThing: Device IDs (2015). https://github.com/syncthing/syncthing/wiki/Device-IDs. Accessed April 2015

  15. Borg, J.: SyncThing: Device Discovery Protocol v2 (2015). https://github.com/syncthing/specs/blob/master/DISCOVERYv2.md. Accessed April 2015

  16. Garfinkel, S., Nelson, A., White, D., Roussev, V.: Using purpose-built functions and block hashes to enable small block and sub-file forensics. Digital Invest. 7, S13–S23 (2010)

    Article  Google Scholar 

  17. Paul, J.: Java Revisited: Difference Between TrustStore and KeyStore Java SSL (2015). http://javarevisited.blogspot.ie/2012/09/difference-between-truststore-vs-keyStore-Java-SSL.html. Accessed April 2015

Download references

Author information

Authors and Affiliations

  1. School of Computer Science, University College Dublin, Dublin, 4, Ireland

    Conor Quinn, Mark Scanlon, Jason Farina & M.-Tahar Kechadi

Authors
  1. Conor Quinn
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Mark Scanlon
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Jason Farina
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. M.-Tahar Kechadi
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Mark Scanlon .

Editor information

Editors and Affiliations

  1. Digital Forensic Research Institute, Hallym University, Chuncheon-si, Korea (Republic of)

    Joshua I. James

  2. University of New Heaven, West Haven, Connecticut, USA

    Frank Breitinger

Rights and permissions

Reprints and permissions

Copyright information

© 2015 Institute for Computer Sciences, Social informatics and Telecommunication Engineering

About this paper

Cite this paper

Quinn, C., Scanlon, M., Farina, J., Kechadi, MT. (2015). Forensic Analysis and Remote Evidence Recovery from Syncthing: An Open Source Decentralised File Synchronisation Utility. In: James, J., Breitinger, F. (eds) Digital Forensics and Cyber Crime. ICDF2C 2015. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 157. Springer, Cham. https://doi.org/10.1007/978-3-319-25512-5_7

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-25512-5_7

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-25511-8

  • Online ISBN: 978-3-319-25512-5

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics