LogP2P
Introduction

In 2001, Frédéric AIDOUNI designed, with Cyril VRILLAUD, smart software to track distributors of child pornography files on IRC: LogIRC. That system is running on five continents in national investigation agencies. Some motivated investigators still perform manual identification on these networks, but:
After several months of research, packet analysis and protocol scanning, @idounix designed, in early 2003, a system which identifies distributors of illegal content on Peer-to-Peer networks. LogP2P can accurately identify the distributors of child pornography files by logging their IP addresses. It presents the results as a fully descriptive report which can be exported into a procedure. LogP2P performs monitoring and real-time analysis of incoming network traffic. It sits between the investigators and the Internet to identify the distributors of any kind of content (movies, images, software or mp3). It fits perfectly into the anti-cyber-criminality toolbox.

How does it work

Hardware

LogP2P is a monitoring tool which needs a dedicated GNU/Linux server. For pedophile image monitoring, the minimum configuration is as follows:
LogP2P is memory- and computation-intensive. The more Peer-to-Peer clients it monitors, the more powerful the server must be. For example, the base hardware configuration can monitor 2 to 3 Peer-to-Peer clients.

Software

The LogP2P server needs the following packages to operate:

LogP2P is written in the Python language; libpcap is used for network sniffing. Samba is the main repository for the files downloaded by the Peer-to-Peer clients. LogP2P will checksum them with MD5. If the network is switched, LogP2P will attempt to configure itself as a network gateway. In that case, Peer-to-Peer clients must use that gateway.

LogP2P installation is a matter of minutes. @idounix provides environment validation software, which certifies that LogP2P can operate on your system. Also provided is the main LogP2P loader, which retrieves the main code as well as data files from the Internet. This guarantees that it is always the latest stable version of the software.

Using LogP2P

Configuration

There are two main options to configure in order to operate LogP2P:
That configuration resides in an .ini-like file that LogP2P will pre-initialize at first start-up. That file could look like this:

[directory]

Operation modes

LogP2P has two parts:
Investigators use their Peer-to-Peer clients to download potentially illegal files; LogP2P monitors and scans that network traffic. With this data, it builds reports which can be manipulated:
A typical scenario is to search for potentially illegal files, download them in bulk, and review the main Internet Domains log from hour to hour, or... the next morning. Validate the illegal content and export to a word processor to write the procedure.

Conclusion

Staring at the screen of a single Peer-to-Peer client to try to obtain distributors' IP addresses will never happen again. LogP2P automatically provides accurate identification reports. Please contact us for more information.

Annexes