The dark side of I2P, a forensic analysis case study

Behnam Bazli, Maxim Wilson, William Hurst*

*Corresponding author for this work

Research output: Contribution to journalArticleAcademicpeer-review

7 Citations (Scopus)


File sharing applications, which operate as a form of Peer-to-Peer (P2P) network, are popular amongst users and developers due to their heterogeneity, decentralized approach and rudimentary deployment features. However, they are also used for illegal online activities and often are infested with malicious content such as viruses and contraband material. This brings new challenges to forensic investigations in detecting, retrieving and examining the P2P applications. Within the domain of P2P applications, the Invisible Internet Project (IP2) is used to allow applications to communicate anonymously. As such, this work discusses its use by network node operators and known attacks against privacy or availability of I2P routers. Specifically, we investigate the characteristics of I2P networks in order to outline the security flaws and the issues in detecting artefacts within the I2P. Furthermore, we present a discussion on new methods to detect the presence of I2P using forensic tools and reconstruct specific I2P activities using artefacts left over by network software.

Original languageEnglish
Pages (from-to)278-286
Number of pages9
JournalSystems Science & Control Engineering
Issue number1
Publication statusPublished - 12 Jun 2017
Externally publishedYes


  • Forensics analysis
  • I2P artefacts
  • P2P networks
  • Security


Dive into the research topics of 'The dark side of I2P, a forensic analysis case study'. Together they form a unique fingerprint.

Cite this