A lecture presented to the Office of the Federal Defender in Reno, Nevada on November 16, 2010 and in Las Vegas on November 17, 2010.

1. LimeWire Made
Me Do It
Frederick S. Lane
FSLane3@gmail.com
www.ComputerForensicsDigest.com
Federal Public Defenders of Nevada
16 November 2010
www.FrederickLane.com
And Other Digital Follies
www.ComputerForensicsDigest.com

2. Seminar Logistics
• Ask ‘em If You’ve Got ‘em
• Download a PDF of slides
from:
ComputerForensicsDigest.com
• Email Me:
FSLane3@gmail.com
www.FrederickLane.com www.ComputerForensicsDigest.com

3. Seminar Overview
• Introduction
• Basics of P2P Software
• Evidence of Intent
• Law Enforcement Initiatives
• P2P in the Courts
www.FrederickLane.com www.ComputerForensicsDigest.com

4. Personal Background
• Computer
Forensics Expert
www.FrederickLane.com www.ComputerForensicsDigest.com

5. Personal Background
• Computer
Forensics Expert
• Author of 5 Books
www.FrederickLane.com www.ComputerForensicsDigest.com

6. Personal Background
• Computer
Forensics Expert
• Author of 5 Books
• Chair, Burlington
(VT) School Board
www.FrederickLane.com www.ComputerForensicsDigest.com

7. Personal Background
• Computer
Forensics Expert
• Author of 5 Books
• Chair, Burlington
(VT) School Board
• Attorney &
Lecturer
www.FrederickLane.com www.ComputerForensicsDigest.com

8. Personal Background
• Computer
Forensics Expert
• Author of 5 Books
• Chair, Burlington
(VT) School Board
• Attorney &
Lecturer
• Privacy Expert
www.FrederickLane.com www.ComputerForensicsDigest.com

9. Computer Forensics Experience
• A Decade of Computer Forensics
Experience -- United States v. Dean (1999)
• Civil and Criminal Cases
• Emphasis on Obscenity and Child
Pornography
• Training in X-Ways Forensics
• ComputerForensicsDigest.com
& Digital Dirt Blawg
www.FrederickLane.com www.ComputerForensicsDigest.com

10. • Sneakernets
www.FrederickLane.com www.ComputerForensicsDigest.com
“And File Sharing Begat P2P…”

11. • Sneakernets
• 1999 – Napster
www.FrederickLane.com www.ComputerForensicsDigest.com
“And File Sharing Begat P2P…”

12. • Sneakernets
• 1999 – Napster
• DMCA =
#epicfail
www.FrederickLane.com www.ComputerForensicsDigest.com
“And File Sharing Begat P2P…”

13. • Sneakernets
• 1999 – Napster
• DMCA =
#epicfail
• 2000 - Gnutella
www.FrederickLane.com www.ComputerForensicsDigest.com
“And File Sharing Begat P2P…”

14. • Sneakernets
• 1999 – Napster
• DMCA =
#epicfail
• 2000 – Gnutella
• 2009 – P2P the
largest source of
network traffic
www.FrederickLane.com www.ComputerForensicsDigest.com
“And File Sharing Begat P2P…”

15. Popular Peer-to-Peer Networks
• Gnutella, Gnutella2
• BitTorrent
• FastTrack
• KaZaA
• eDonkey
• Mininova
• Skype
www.FrederickLane.com www.ComputerForensicsDigest.com

16. Popular Peer-to-Peer Clients
• LimeWire
• FrostWire
• BitComet
• Vuze
• µTorrent
• MP3 Rocket
• BitTorrent
• Morpheus
• LimeWire Pro
• Ares Galaxy
www.FrederickLane.com www.ComputerForensicsDigest.com

17. Typical Operation of P2P Software
• Users Download Client Software and
Register for an Account
• Users Search for Specific Types of Content
• Users Click on a Search Result to Initiate
Download
• P2P Software Typically Downloads to a
“Shared” Directory
• Content Can Be Made Instantly Available to
Other Users of P2P Software
www.FrederickLane.com www.ComputerForensicsDigest.com

18. Core Issue: Extent of User Control
• Nature and Name of Downloaded
Contents
• Evidence Downloaded Files Were
“Previewed” During Download Process
• Search Terms Used
• Are Client Settings Default or
Specialized? Directories, Sharing, etc.
• Evidence of Degree of Sophistication
www.FrederickLane.com www.ComputerForensicsDigest.com

19. Federal Anti-CP Programs
• FBI Cyber Crimes Program
• Innocent Images National Initiative
• Internet Crimes Against Children (ICAC)
• National Center for Missing and Exploited
Children
• Myriad Task Forces
• Operation Fairplay (Wyoming/TLO)
www.FrederickLane.com www.ComputerForensicsDigest.com

20. Typical P2P Investigation
• Law Enforcement Officer Uses P2P Client to
Search for Contraband – Keywords &
Hashes
• Download of Possible Contraband Initiated
• P2P Client Shows IP Address of Source
• List of Files at That Source Can Be Viewed
• IP Address Is Traced to Physical Address
• Warrant Obtained for Search and Seizure of
Computer Equipment at That Address
www.FrederickLane.com www.ComputerForensicsDigest.com

21. P2P In the Courts
• An area of increasing interest for courts:
roughly 300 federal decisions involving P2P
software – only 25 or so state decisions
• Does law enforcement use of P2P client
constitute “search” of suspect’s computer?
• Questions of control and distribution by
suspect
• Enhancements under sentencing guidelines
www.FrederickLane.com www.ComputerForensicsDigest.com

22. LimeWire Made
Me Do It
Frederick S. Lane
FSLane3@gmail.com
www.ComputerForensicsDigest.com
Federal Public Defenders of Nevada
16 November 2010
www.FrederickLane.com
And Other Digital Follies
www.ComputerForensicsDigest.com