Computer Forensics & Data Recovery has articles on a wide variety of subjects relating to Computer Forensics - Data Recovery, Computer Crime, Cryptography, Freeware Computer Forensic Toolkit.


Fresh Advice:

The most important part of your PC is your data. In the event of a serious system crash, you can usually restore the operating system and programs that you use, but your personal data may be lost. Although emergency data recovery options are available, these will tend to be costly and there is no guarantee that everything you want can be recovered. A better approach is to start a regular routine of backing up your important data.


Your data should be backed up as often as possible, It isn't necessary to back up your whole hard drive. Identify the folders that hold your important files and only back those folders up to save on storage space. To find out where your files are being stored, use "Save As" instead of just hitting "Save" when you create or update your files, and note the location the program is using to write your data.

Bit Torrent


Bit Torrent Overview

Bit Torrent is a peer-to-peer file distribution protocol. Bram Cohen designed the protocol in April 2001 and implemented it in summer 2002. Bit Torrent was designed to be a simple way of file sharing amongst multiple peers and across unreadable networks. The service works by a Bit Torrent client downloading the desired file(s) via a tracker on the internet. A tracker is a server which assists in the communication between peers using the Bit Torrent protocol. It is also the only major critical point, as clients are required to communicate with the tracker to initiate downloads.
To download a file(s) with a Bit Torrent client a small torrent file is needed, which can be downloaded from various tracker websites (, This torrent file is typically around 50KB in size and by convention has the suffix .torrent. This file contains metadata about the file to be shared and information about the tracker. When the Bit Torrent client initiates the download the client connects to the tracker and retrieves a list of other peers currently downloading the file(s). The client then sends a message to those peers requesting a connection in order to download the various pieces of the file. This group of peers are known as the swarm. As new peers enter the swarm they begin to trade pieces of the file with one another. Therefore, the more users within the swarm the faster the download speeds will be for individual users. "The peer distributing the file breaks it down into a number of identically-sized pieces, typically between 64 KB and 1 MB each. Pieces over 512 KB are used to reduce the size of torrent files for very large payloads, but also reduce the efficiency of the protocol." [1]. The peer creates a checksum for each piece, using a hashing algorithm (SHA-1), and records it in the torrent file. When a peer receives the piece, it compares the recorded checksum to the actual checksum of the received piece to test that it is error-free.
Bit Torrent Clients incorporate mechanisms to optimise their download and upload speeds; for example they download pieces in a random order, to increase the opportunity to exchange data. Clients may prefer to send data to peers that send data back to them (tit for tat), which encourages fair trading. But strict policies often result in suboptimal situations, where newly joined peers are unable to receive any data because they don't have any file pieces yet to trade themselves. To overcome this problem, clients use a mechanism called "optimistic unchoking," where the client reserves a portion of its available bandwidth for sending pieces to random peers, in hopes of discovering even better partners and to ensure that newcomers get a chance to join the swarm.



Bit Torrent clients are very flexible, allowing the user to change a wide variety of options. The port range (default 6881-6999) can be changed to any valid port. However, trackers use the port 6969 and this will need to be active at all times. Maximum download and upload speeds can be set on most Bit Torrent clients. Many users think that if the maximum upload speed is lowered then the download speed will increase, but this is not the case. As Bit Torrent uses the tit-for-tat scheme a low upload speed will compromise the download speed. This feature is known as "anti-leech" which limits the users if they are trying to download considerably faster than they are uploading.



Bit torrent consists of two elements; the tracker and client. This allows Bit Torrent to make use of multiple protocols. HTTP downloads typically make a single HTTP request through a single TCP socket. Whereas the Bit Torrent client downloads makes requests over different TCP sockets as set by the server or client. Generally a Bit Torrent client, by default, uses ports in the range of 6881-6999. Upon connection to a peer, the client starts with the lowest port number within the given range and consecutively attempts higher ports until a successful connection is achieved. A different port is used to connect to each peer/seeder. A client may encounter blocked ports due to routers, switches, gateways, and firewalls, all of which must be configured to Bit Torrent access the range of ports. Bit torrent is not compatible with UDP.
The tracker is a HTTP/HTTPS service which responds to HTTP requests in the standard way. The tracker can also be sent data from the clients such as file integrity. The response includes a peer list that helps the client connect to new peers for downloads and uploads. "The URL of the tracker is retrieved from the "announce URL" as defined in the metadata header within the torrent file." [2]


Computer Misuse

A growing number of individuals and organizations are using Bit Torrent to distribute their own or licensed material. The most notable of these is Bit Torrent Inc. which has amassed a number of licenses from Hollywood studios for distributing popular content at the company's website. However, the majority of Bit Torrent downloads infringes copyright laws. As a result of this Bit Torrent trackers have been frequent targets of raids and shutdowns due to claims of copyright infringement. The trackers argue that the torrent files do not contain any copyrighted data and therefore must be legal. Despite this claim the MPAA (Motion Picture Association of America) and RIAA (Recording Industry Association of America) are under constant pressure to shutdown Bit Torrent trackers.


Restricting & Preventing Usage

Various methods can be used to restrict users from gaining access to illegal files via Bit Torrent. Firstly, access can be prohibited to tracker websites that are known to store copyrighted and illegal torrent files. Using this method, users can still gain access to torrent files but it will be more difficult to do so. Prevention of Bit Torrent use, from a system administrator's point of view, is fairly easy to achieve. Ports between 6881-6999 are typically used by Bit Torrent clients and can easy be blocked on a network via the firewall configuration. Also user download speeds can be restricted to a given speed. This method will not completely prevent downloads using a Bit Torrent client, but will restrict users to such an extent that the use of Bit Torrent will be worthless. Another prevention method would be to configure the firewall to block all transfers for all known Bit Torrent Clients.


Python Implementation

Bram Cohen originally used Python to implement Bit Torrent because of its easy to maintain code. "My favourite language for maintainability is Python. It has simple, clean syntax, object encapsulation, good library support, and optional named parameters." [3]. The simplicity of Python makes it a very powerful language compared to other programming languages such as Perl.
When developing Bit Torrent, Cohen wanted the service to be compatible with a wide variety of machines. In order to accomplish this Bit Torrent would need to be compatible with the older and slower machines. Python incorporates some very fast extension libraries helping to address this issue. "Python is a good introductory programming language, not least of which because programmers like to use it." [4].


Cryptographic Methods - Posted on 10/1/2008

Computer Crime and Computer Forensics - Posted on 2/1/2008

The Freeware Forenic Toolkit - Posted on 6/12/2007