./acs-law.co.uk/andrew.crossley/cur/1281173676.H197274P22678.mail2.dfsv61.com,S=

1. ./acs-law.co.uk/andrew.crossley/cur/1281173676.H197274P22678.mail2.dfsv61.com,S=53341_2,S
2.  
3. Return-path: <acslawsb+caf_=sbirdsey=acs-law.co.uk@gmail.com>
4. Envelope-to: sbirdsey@acs-law.co.uk
5. Delivery-date: Fri, 04 Jun 2010 16:11:03 +0100
6. Received: from foundry4.dataflame.co.uk ([91.103.220.248])
7. by mail2.dfsv61.com with esmtp (Exim 4.69)
8. (envelope-from <acslawsb+caf_=sbirdsey=acs-law.co.uk@gmail.com>)
9. id 1OKYXk-0001qv-BL
10. for sbirdsey@acs-law.co.uk; Fri, 04 Jun 2010 16:11:03 +0100
11. X-Envelope-From: acslawsb+caf_=sbirdsey=acs-law.co.uk@gmail.com
12. X-Envelope-To: sbirdsey@acs-law.co.uk
13. Received: From mail-wy0-f178.google.com (74.125.82.178) by foundry4.dataflame.co.uk (MAILFOUNDRY) id YGdVbG/zEd+3TAAw for sbirdsey@acs-law.co.uk; Fri, 4 Jun 2010 16:08:12 -0000 (GMT)
14. Received: by wyb29 with SMTP id 29so900808wyb.9
15. for <sbirdsey@acs-law.co.uk>; Fri, 04 Jun 2010 08:10:41 -0700 (PDT)
16. Received: by 10.227.146.75 with SMTP id g11mr10780915wbv.130.1275664241432;
17. Fri, 04 Jun 2010 08:10:41 -0700 (PDT)
18. X-Forwarded-To: sbirdsey@acs-law.co.uk
19. X-Forwarded-For: acslawsb@gmail.com sbirdsey@acs-law.co.uk
20. Delivered-To: acslawsb@gmail.com
21. Received: by 10.227.155.67 with SMTP id r3cs3933wbw;
22. Fri, 4 Jun 2010 08:10:40 -0700 (PDT)
23. Received: by 10.227.135.7 with SMTP id l7mr2784596wbt.204.1275664240291;
24. Fri, 04 Jun 2010 08:10:40 -0700 (PDT)
25. Received: from mail2.dfsv61.com (mail2.dfsv61.com [91.103.216.62])
26. by mx.google.com with ESMTP id e9si4025530wbb.90.2010.06.04.08.10.38;
27. Fri, 04 Jun 2010 08:10:38 -0700 (PDT)
28. Received-SPF: neutral (google.com: 91.103.216.62 is neither permitted nor denied by best guess record for domain of jonathan.miller@acs-law.co.uk) client-ip=91.103.216.62;
29. DomainKey-Status: good
30. Authentication-Results: mx.google.com; spf=neutral (google.com: 91.103.216.62 is neither permitted nor denied by best guess record for domain of jonathan.miller@acs-law.co.uk) smtp.mail=jonathan.miller@acs-law.co.uk; domainkeys=pass header.From=jonathan.miller@acs-law.co.uk
31. DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=default; d=acs-law.co.uk;
32. h=Received:From:To:Cc:Subject:Date:Message-ID:MIME-Version:Content-Type:Content-Transfer-Encoding:X-Priority:X-MSMail-Priority:X-Mailer:Importance:X-MimeOLE:Thread-Index:In-Reply-To:X-ACL-Warn:X-Source:X-Source-Args:X-Source-Dir;
33. b=La2lhcUh+kBbJaBfsUaO9tRCZ623OOfnyiUD8/Qn3Icm03Y3re4tlIUvz0ZYu75EjyBp4Moop5ZhoG6p5Qlei78O3GDBb3MTbbllrAchSecV09eHBMvL7KYAjwZr41CO;
34. Received: from [88.211.49.82] (helo=2c3dc1b649b04b2)
35. by mail2.dfsv61.com with esmtp (Exim 4.69)
36. (envelope-from <jonathan.miller@acs-law.co.uk>)
37. id 1OKYXa-0001p6-Ky; Fri, 04 Jun 2010 16:10:34 +0100
38. From: "Jonathan Miller" <jonathan.miller@acs-law.co.uk>
39. To: "'Alireza Torabi'" <alireza@ng3sys.com>
40. Cc: <acslawsb@gmail.com>,
41. "'Andrew Crossley'" <andrew.crossley@acs-law.co.uk>
42. Subject: RE: IMPORTANT: Data Monitoring Processes - LITIGATION STAGE
43. Date: Fri, 4 Jun 2010 16:10:24 +0100
44. Message-ID: <7D47F50ADBD54C9B8029428399474E71@2c3dc1b649b04b2>
45. MIME-Version: 1.0
46. Content-Type: text/plain;
47. charset="us-ascii"
48. Content-Transfer-Encoding: 7bit
49. X-Priority: 1 (Highest)
50. X-MSMail-Priority: High
51. X-Mailer: Microsoft Outlook, Build 10.0.6856
52. Importance: High
53. X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.5931
54. Thread-Index: AcsDxkLXMWUzE8zPTN29JJlL9adaRQAMbPcg
55. In-Reply-To: <4C08C3C1.8080403@ng3sys.com>
56. X-ACL-Warn: {
57. X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
58. X-AntiAbuse: Primary Hostname - mail2.dfsv61.com
59. X-AntiAbuse: Original Domain - gmail.com
60. X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
61. X-AntiAbuse: Sender Address Domain - acs-law.co.uk
62. X-Source:
63. X-Source-Args:
64. X-Source-Dir:
65. X-Spam-Status: No, score=0.6
66. X-Spam-Score: 6
67. X-Spam-Bar: /
68. X-Spam-Flag: NO
69.  
70. Thanks for this Ali. We'll get back to you shortly, if any further
71. questions.
72.  
73. Have a good weekend.
74.  
75. -----Original Message-----
76. From: Alireza Torabi [mailto:alireza@ng3sys.com]
77. Sent: 04 June 2010 10:14
78. To: Jonathan Miller
79. Cc: acslawsb@gmail.com; 'Andrew Crossley'
80. Subject: Re: IMPORTANT: Data Monitoring Processes - LITIGATION STAGE
81.  
82. Hi,
83.  
84. Please see followings:
85.  
86. Regards,
87. Alireza
88.  
89.  
90. > 1. Would you kindly give me a brief rundown of what you do,
91. > specifically how you capture the data, what tools you use and how
92. > the process works?
93. Even briefly it'll be a long story.
94.  
95. The main capturing software is my modified and updated software "xTrack"
96. that runs on top of a P2P client software called "Transmission".
97.  
98. For each content (ie. an item that is being shared on P2P) xTrack finds
99. all peers (ie. computers running a P2P client software that are
100. connected to that content) and disregards all that are not in the UK by
101. filtering non-UK IPs. Once a UK peer is found, xTrack checks to see
102. whether or not they understand P2P protocol. If yes, then xTrack checks
103. whether or not they are uploading the content to its P2P swarm (ie, all
104. peers uploading/downloading that content). If yes, 3 different pieces of
105. that content are downloaded by xTrack and checksum -ed to establish 1)
106. the peer is uploading/seeding content and 2) the pieces are part of that
107. content. This will happen every day for a specific peer. All above
108. transactions are logged by xTrack.
109.  
110.  
111. > 2. How do you know or more importantly, should I say, what technical
112. > information have you gathered which indicates to you that the
113. > evidence has a high degree of credibility?
114. Once an IP is uploading/seeding to a P2P swarm, it's 100% safe to assume
115. that the data is coming from that IP unless ISPs who are transporting
116. the packets between that IP and xTrack are somehow modifying its data,
117. very unlikely and I'd say virtually none.
118.  
119.  
120. > 3. Andrew mentioned to me that, when you capture the data from the
121. > infringer, it is in the form of data packets. Would it be possible
122. > to somehow convert these data packets into viewable formats (i.e.
123. > AVI or mpeg)? This way, we would be able to visually marry the
124. > evidence together with our client's Works, thus present the
125. > evidence in an easily recognisable format to the court.
126. Pieces downloaded for each content (read movie) are on average 512KB to
127. 8MB in size for movies and this highly depends on that size of movie in
128. its whole. Now, for example if there are 3 pieces of that content it's
129. about 1-3 (on average) minutes of that content and they are almost
130. always of different parts of it, ie. 1:13 (hh:mm:ss), 18:32 and 1:02:02
131. into movie in a 1:30:00 movie. So visually you'll see a flash or jumps
132. from scenes to scenes if you put them together PROVIDING the compression
133. used in the AVI or MPEG is recognized by the Playback software depending
134. on the positions of the pieces in the movie.
135.  
136. > 4. In relation to question 3, would you be able to return to us any
137. > and all data packets pertaining to each infringer's case (as well
138. > as the converted viewable versions, if possible) upon request?
139. Yes. As Andrew said only for those ones you specify, otherwise you'll
140. need a CD/DVD production plant for all of them to be delivered to you.
141.  
142.  
143. > 5. What is GUID? How does GUID relate to File ID as contained within
144. > the Statement Report of our LoC? Where does GUID fit into your
145. > data capturing process?
146. GUID in LoC is a Ghrapical Unique IDentifier, 40 characters long that a
147. P2P client software assigns to itself when it starts up. It'll stay the
148. same until it restarts again.
149. When pieces are downloaded, a whole host of information regarding the
150. uploading peer is logged as well as this GUID. It's a good data part
151. plus the ISP details of the peer that allows to filter out duplicate IPs.
152.  
153. > 6. Does the File ID identify our client's Works exclusively?? Would
154. > it be possible that multiple copies of the same Work is being made
155. > available by infringers with different File IDs??
156. File ID is a hash that is almost globally unique for contents shared on
157. P2P networks. Copies of the same work (read client's work) will have
158. different File ID but copies of the same content are just copies and
159. basically will have the same File ID. File IDs are just there to
160. determine the copies of the contents on P2P networks.
161.  
162. It's very possible and a common practice actually for a client's work to
163. be shared with different File IDs ie. via different P2P contents.
164.  
165. To marry a File ID to a client's work, the original should be provided
166. by clients and then visually checked against the content for a %100
167. accuracy.