A Model for Foxy Peer-to-Peer Network Investigations

  • Ricci Ieong
  • Pierre Lai
  • Kam-Pui Chow
  • Frank Law
  • Michael Kwan
  • Kenneth Tse
Part of the IFIP Advances in Information and Communication Technology book series (IFIPAICT, volume 306)


In recent years, peer-to-peer (P2P) applications have become the dominant form of Internet traffic. Foxy, a Chinese community focused filesharing tool, is increasingly being used to disseminate private data and sensitive documents in Hong Kong. Unfortunately, its scattered design and a highly distributed network make it difficult to locate a file originator. This paper proposes an investigative model for analyzing Foxy communications and identifying the first uploaders of files. The model is built on the results of several experiments, which reveal behavior patterns of the Foxy protocol that can be used to expose traces of file originators.


Peer-to-peer network forensics Foxy network Gnutella 2 protocol 


  1. 1.
    Architecture Technology Corporation, P2P Marshal Digital Forensics Software, Eden Prairie, Minnesota (p2pmarshal.atc-nycorp .com).Google Scholar
  2. 2.
    E. Bangeman, P2P responsible for as much as 90 percent of all ’Net traffic, Ars Technica, September 3, 2007.Google Scholar
  3. 3.
    BBC News, BitTorrent user guilty of piracy ( /technology/4374222.stm), October 25, 2005.Google Scholar
  4. 4.
    J. Cheng, Sandvine: Close to half of all bandwidth sucked up by P2P, Ars Technica, June 23, 2008.Google Scholar
  5. 5.
    M. Chesterton, Edison Chen and 7 HK stars involved in sex photos scandal, eNews 2.0, February 21, 2008.Google Scholar
  6. 6.
    K. Chow, K. Cheng, L. Man, P. Lai, L. Hui, C. Chong, K. Pun, W. Tsang, H. Chan and S. Yiu, BTM - An automated rule-based BT monitoring system for piracy detection, Proceedings of the Second International Conference on Internet Monitoring and Protection, p. 2, 2007.Google Scholar
  7. 7.
    K. Chow, R. Ieong, M. Kwan, P. Lai, F. Law, H. Tse and K. Tse, Security Analysis of the Foxy Peer-to-Peer File-Sharing Tool, Technical Report TR-2008-09, Department of Computer Science, University of Hong Kong, Hong Kong, 2008.Google Scholar
  8. 8.
    Discordia, Shareaza, New York ( Scholar
  9. 9.
    Gnutella2, Gnutella2 Developer Network ( Scholar
  10. 10.
    R. Ieong, P. Lai, K. Chow, M. Kwan, F. Law, H. Tse and K. Tse, Forensic investigation and analysis of peer-to-peer file-sharing networks (submitted for publication), 2009.Google Scholar
  11. 11.
    P. Moy, Warning over rape clips, The Standard, Hong Kong, September 12, 2008.Google Scholar
  12. 12.
    P. Moy and N. Patel, Covert cops hit by leaks, The Standard, Hong Kong, May 27, 2008.Google Scholar
  13. 13.
    O. Nasraoui, D. Keeling, A. Elmaghraby, G. Higgins and M. Losavio, Node-based probing and monitoring to investigate the use of peer-to-peer technologies for the distribution of contraband material, Proceedings of the Third International Workshop on Systematic Approaches to Digital Forensic Engineering, pp. 135–140, 2008.Google Scholar
  14. 14.
    Vastel Technology, Foxy, Hong Kong ( Scholar
  15. 15.
    Wireshark Foundation, Wireshark, San Jose, California (www.wire Scholar
  16. 16.
    Zemerick Software, Spear Forensics Software, Oak Hill, West Virginia ( Scholar

Copyright information

© IFIP International Federation for Information Processing 2009

Authors and Affiliations

  • Ricci Ieong
  • Pierre Lai
  • Kam-Pui Chow
  • Frank Law
  • Michael Kwan
  • Kenneth Tse

There are no affiliations available

Personalised recommendations