Windows operating systems can connect multiple computers together for internal sharing and exchange of data. Microsoft uses two different logical models for this: Workgroups and Domains. Corporate computers are usually connected through such networks, and in any corporate forensic investigation of a P2P local network, all of the connected systems must be analyzed for complete network data analysis in peer-to-peer file sharing. Investigators must be aware of the arrangement of, and the differences between, these two models in order to monitor and examine security vulnerabilities.
Two Different Logical Models
Peer-to-peer file sharing networks allow users to access and share data within the network. Corporate operations commonly use this kind of file sharing to share data easily and to collaborate between peers. The method is as risky as it is important. The three common categories of P2P file sharing networks are:
In a centralized network, one central index server maintains information about all active nodes in the network. Any new node that wants to join the network must send information about itself to the central index server.
In a completely decentralized P2P network there is no central index server or directory. All nodes in the network are identical; no node holds more information or performs more functions than its peers.
In a semi-centralized network, multiple nodes hold the index information. These are known as “super nodes” or “hubs”, and they perform functions in addition to those of the regular nodes in the network.
A proper understanding of the different types of P2P network helps the investigator perform network data analysis in peer-to-peer file sharing efficiently during a forensic investigation.
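To make the three arrangements concrete, here is a small added Python model written for this article (it is not code from the article's author or from any product the article names). Each model answers the same question, which peers hold a given file, and also returns how many nodes had to be asked to answer it. The node names, file names and hub assignments are constructed.

```python
# Added illustration: toy models of the three P2P index arrangements.
# Each model answers "which peers hold file X?" and reports how many
# nodes had to be queried. All names and files are constructed.

class Node:
    def __init__(self, name, files=()):
        self.name = name
        self.files = set(files)

class CentralizedIndex:
    """One index server knows every active node's file list."""
    def __init__(self):
        self.index = {}  # file name -> set of node names holding it

    def join(self, node):
        # A joining node must announce itself and its files to the server.
        for f in node.files:
            self.index.setdefault(f, set()).add(node.name)

    def locate(self, filename):
        # A single query to the server; the server alone holds the index.
        return self.index.get(filename, set()), 1

class Decentralized:
    """No index anywhere; a query has to reach every peer."""
    def __init__(self):
        self.nodes = []

    def join(self, node):
        self.nodes.append(node)  # nothing to announce; all peers are identical

    def locate(self, filename):
        holders = {n.name for n in self.nodes if filename in n.files}
        return holders, len(self.nodes)

class SemiCentralized:
    """Super nodes (hubs) each index the regular nodes attached to them."""
    def __init__(self):
        self.supernodes = {}  # hub name -> {file name: set of node names}

    def join(self, node, supernode):
        idx = self.supernodes.setdefault(supernode, {})
        for f in node.files:
            idx.setdefault(f, set()).add(node.name)

    def locate(self, filename):
        # Only the hubs are asked, never the regular nodes.
        holders = set()
        for idx in self.supernodes.values():
            holders |= idx.get(filename, set())
        return holders, len(self.supernodes)

def demo():
    """Build the same four constructed peers under each model and locate one file."""
    peers = [Node("A", ["budget.xlsx"]), Node("B", ["budget.xlsx", "memo.pdf"]),
             Node("C", ["memo.pdf"]), Node("D")]
    central, flat, hubs = CentralizedIndex(), Decentralized(), SemiCentralized()
    for i, p in enumerate(peers):
        central.join(p)
        flat.join(p)
        hubs.join(p, supernode="hub1" if i < 2 else "hub2")
    return {
        "centralized": central.locate("budget.xlsx"),
        "decentralized": flat.locate("budget.xlsx"),
        "semi_centralized": hubs.locate("budget.xlsx"),
    }

if __name__ == "__main__":
    for model, (holders, asked) in demo().items():
        print(f"{model}: held by {sorted(holders)}, nodes queried: {asked}")
```

The counts are the forensic point: in the centralized model the index (and any join records) lives on one server, in the decentralized model that information exists only on the peers themselves, and in the semi-centralized model it is spread over the hubs, so each arrangement changes which systems an investigator must collect from.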
In the corporate world, peer-to-peer local networks are very commonly used to share data and integrate workers in their jobs. When a peer-to-peer file sharing network contains information or a data file related to a crime, or an unethical activity has occurred on the file transfer network, a P2P forensic investigation is necessary to identify and analyze the data. With the help of a forensic evidence collection tool, evidence from the computer network can be extracted easily.
Network data analysis in peer-to-peer file sharing requires several stages of evidence collection. The challenges during evidence collection can be classified as legal and technical. The legal challenges in peer-to-peer forensic data analysis include jurisdiction, the spread of illegal content, and so on. The technical challenges include the following.
Validation of Evidence
During court proceedings, the evidence collected at every stage must be validated, so any flaw in the initial evidence collected could invalidate the entire investigation.
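One way to make stage-by-stage validation checkable is a custody log in which every stage re-records the evidence hash and commits to the previous entry. The Python below is an added example written for this article, not code from the author or from any tool the article names; the stage names, examiner names and evidence bytes are constructed.

```python
import hashlib
import json
from datetime import datetime, timezone

# Added illustration (not from the article or any tool it names): a minimal
# chain-of-custody log. Each entry stores the evidence hash and the hash of the
# previous entry, so altered evidence, altered entries and missing stages are
# all detectable when the chain is re-derived.

GENESIS = "0" * 64

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def entry_digest(entry: dict) -> str:
    """Hash of an entry's fields, excluding its own stored hash."""
    body = {k: v for k, v in entry.items() if k != "entry_hash"}
    return sha256_hex(json.dumps(body, sort_keys=True).encode())

def record_stage(log: list, stage: str, evidence: bytes, examiner: str,
                 timestamp: str = "") -> dict:
    """Append a custody entry for one stage (acquisition, imaging, analysis, ...)."""
    entry = {
        "stage": stage,
        "examiner": examiner,
        "timestamp": timestamp or datetime.now(timezone.utc).isoformat(),
        "evidence_sha256": sha256_hex(evidence),
        "prev_entry_hash": log[-1]["entry_hash"] if log else GENESIS,
    }
    entry["entry_hash"] = entry_digest(entry)
    log.append(entry)
    return entry

def validate_chain(log: list, evidence: bytes) -> tuple:
    """Re-derive every link and compare the evidence now presented with the
    hash taken at acquisition. Returns (ok, reason)."""
    if not log:
        return False, "empty custody log"
    acquisition_hash = log[0]["evidence_sha256"]
    expected_prev = GENESIS
    for i, entry in enumerate(log):
        if entry_digest(entry) != entry["entry_hash"]:
            return False, f"entry {i} ({entry['stage']}) was altered"
        if entry["prev_entry_hash"] != expected_prev:
            return False, f"entry {i} ({entry['stage']}) does not link to the previous entry"
        if entry["evidence_sha256"] != acquisition_hash:
            return False, f"evidence hash changed at stage '{entry['stage']}'"
        expected_prev = entry["entry_hash"]
    if sha256_hex(evidence) != acquisition_hash:
        return False, "evidence presented does not match the acquisition hash"
    return True, "chain intact"

if __name__ == "__main__":
    sample = b"constructed evidence bytes, standing in for a collected PST file"
    log = []
    record_stage(log, "acquisition", sample, "examiner-1")
    record_stage(log, "analysis", sample, "examiner-2")
    print(validate_chain(log, sample))           # (True, 'chain intact')
    print(validate_chain(log, sample + b"x"))    # (False, '... does not match ...')
```

Because each entry's hash covers the previous entry's hash, the first stage is anchored by every later one: a flaw that changes the acquisition record is reported at entry 0, and evidence that drifts at a later stage is reported at that stage.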
Blacklisting of Monitor
In some situations, nodes run IP filtering software that prevents a set of known IP addresses from accessing the node. Before the initial evidence collection, it must be confirmed that the IP address of the monitoring tool is not on that list.
Encryption of Data
Encryption of communications makes network monitoring complicated; it prevents meaningful information from being obtained from the network.
It is important to collect relevant information in the initial stage of the investigation, but logging every incoming and outgoing packet would require a large amount of storage. Hence it is important to filter out data that provides no meaningful information.
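As an added example of the filtering step (written for this article, not code from the author or from any tool the article names), the Python below triages a set of constructed flow summaries: it drops broadcast, multicast and housekeeping chatter, keeps only flows that touch the monitored peers, and counts how many retained flows are encrypted, since those still yield metadata even though their content cannot be read. The record format, IP addresses, monitored peer set and local network are all assumptions made for the example.

```python
import ipaddress
from dataclasses import dataclass

# Added illustration (not from the article): triage of constructed flow
# summaries so that only traffic relevant to the monitored peers is retained.

# Constructed records, one flow per line:
# unix_time,src_ip,dst_ip,dst_port,proto,bytes,tls(1/0)
SAMPLE_FLOWS = """\
1700000000,192.168.1.10,192.168.1.20,445,tcp,120400,0
1700000001,192.168.1.10,192.168.1.255,137,udp,92,0
1700000002,192.168.1.10,8.8.8.8,53,udp,64,0
1700000003,192.168.1.20,192.168.1.30,6881,tcp,8200000,0
1700000004,192.168.1.30,203.0.113.5,443,tcp,50200,1
1700000005,192.168.1.50,224.0.0.251,5353,udp,140,0
1700000006,192.168.1.10,192.168.1.20,6881,tcp,4096,1
"""

# Chatter that carries no file-sharing content: DNS, NTP, NetBIOS name/datagram, mDNS.
NOISE_PORTS = {53, 123, 137, 138, 5353}

@dataclass
class Flow:
    ts: int
    src: str
    dst: str
    dport: int
    proto: str
    nbytes: int
    tls: bool

def parse_flows(text: str) -> list:
    flows = []
    for line in text.strip().splitlines():
        ts, src, dst, dport, proto, nbytes, tls = line.split(",")
        flows.append(Flow(int(ts), src, dst, int(dport), proto, int(nbytes), tls == "1"))
    return flows

def is_noise(flow: Flow, local_net: ipaddress.IPv4Network) -> bool:
    dst = ipaddress.ip_address(flow.dst)
    return (dst.is_multicast
            or dst == local_net.broadcast_address
            or flow.dport in NOISE_PORTS)

def filter_relevant(flows: list, monitored: set, local_net: ipaddress.IPv4Network) -> list:
    """Keep flows that touch a monitored peer and are not background chatter."""
    return [f for f in flows
            if not is_noise(f, local_net)
            and (f.src in monitored or f.dst in monitored)]

def summarize(flows: list, kept: list) -> dict:
    """Report what the filter saved and how much of the retained traffic is
    encrypted (useful for metadata such as who talked to whom, when and how
    much, but not for content)."""
    return {
        "flows_in": len(flows),
        "flows_kept": len(kept),
        "bytes_in": sum(f.nbytes for f in flows),
        "bytes_kept": sum(f.nbytes for f in kept),
        "encrypted_kept": sum(1 for f in kept if f.tls),
    }

def triage(text: str, monitored: set, local_cidr: str) -> dict:
    local_net = ipaddress.ip_network(local_cidr)
    flows = parse_flows(text)
    kept = filter_relevant(flows, monitored, local_net)
    return summarize(flows, kept)

if __name__ == "__main__":
    print(triage(SAMPLE_FLOWS, {"192.168.1.10", "192.168.1.20"}, "192.168.1.0/24"))
```

On the constructed sample, four of the seven flows are discarded as chatter or as traffic between unmonitored hosts, and one of the three retained flows is TLS, which is exactly the case the encryption challenge above describes: it is worth keeping for its timing, endpoints and volume even though its payload cannot be examined.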
Now that you know the challenges in the forensic investigation of peer-to-peer file sharing networks, you must be wondering which forensic evidence collection tool is best for performing peer-to-peer data analysis in computer forensics. One of the most reliable and recommended tools for P2P forensic investigation is MailXaminer.
The MailXaminer software program now includes a network data analysis feature that gives users access to all the computers connected within a given Workgroup or Domain network. It lets examiners add email files (and other files) to the software to fetch data from the network for further analysis. In this way, files stored on all the systems within a network can be investigated by performing the operations on the same system through an administrative login. Follow the steps below to perform network data analysis in peer-to-peer file sharing on computer networks.
Click on the Scan File option in order to add the email file to the software.
Click on the file format to be examined; here we have selected an Outlook PST file. Click on Browse and then search for the PST file through the network.
This will display the system locations along with the Network. All the systems available in this P2P file sharing network (Workgroup or Domain) will be listed.
Click on any particular domain system name to perform network data analysis in peer-to-peer file sharing; this will scan files from the network, and the associated shared folders will be displayed. Here, we have selected WIN8, and all of its folders are displayed.
Open the folder to find the respective file in that system's folder. Select the file and click Open to add the file for investigation.
Note: The system must be part of the same domain to which the host machine belongs.
The application will prompt users to provide a user name and password for accessing any system in a given workgroup.
Some permissions are required to perform network data analysis in peer-to-peer file sharing during a forensic investigation in computer networks. The permissions required for both Workgroup and Domain networks are given below.
This support for searching through all the systems added to the network for performing network data analysis in P2P file transfer is extremely beneficial for examining the emails of all systems through the same host machine. With this integrated network forensic analysis facility, users can perform a systematic investigation.