sepinf-inc / IPED

IPED Digital Forensic Tool. It is open source software that can be used to process and analyze digital evidence, often seized at crime scenes by law enforcement or in a corporate investigation by private examiners.

Link case files to torrents and torrents to resume.dat

wladimirleite opened this issue

A user contacted me with some questions about Torrents and a possible CSAM sharing through uTorrent.
Digging into the files he sent me, I found out that it would be possible to link torrents (present in the case) with the referenced files (if they are in the case), even if the torrent does not have a "common" hash (like the e-Donkey or SHA-1 sometimes present, but not in this case), using the total file length (to select candidates) and then confirm by calculating hashes of parts (this info is present in the torrent, and is included in the parser result since #1986).
It also would be possible to link torrents with the resume.dat found in the case (through the infoHash).
So ultimately, it would be possible to link entries in the resume.dat with items in the case, which can be very useful as the resume.dat entries have information about actual transmitted bytes.

Linking the torrent to its referenced files is not trivial, especially when the torrent references multiple files. So only torrents with a single file will be linked (at least in this initial version).

I noticed that in many torrents with more than one file, the first one is the "main file" (largest, usually a video, while the others are small pictures or text files with some info).
It seems to be possible to match the first file in such conditions.

Going one step further, I believe I found a relatively simple way to match any file referenced by a torrent with multiple files, as long as the file's length is "large enough" compared to pieces length. I will try to implement it tomorrow.
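The length-then-piece-hash matching discussed in this thread, as an added Python sketch that is not IPED's code and not necessarily the approach the author has in mind. It goes beyond the single-file case by using the BitTorrent layout, in which each SHA-1 covers a fixed-size piece of the files concatenated in order; all function names, item ids and the sample data are hypothetical, and items are held in memory for brevity.

```python
import hashlib

SHA1_LEN = 20  # each entry in the torrent's "pieces" string is one SHA-1 digest

def verify_file(data, offset, total_len, piece_len, pieces):
    """Hash the pieces lying entirely inside one file; return (checked, matched).
    offset is the file's start in the torrent's concatenated byte stream."""
    end = offset + len(data)
    first = -(-offset // piece_len)  # first piece that starts inside the file
    checked = matched = 0
    for idx in range(first, len(pieces) // SHA1_LEN):
        start = idx * piece_len
        stop = min(start + piece_len, total_len)  # final piece may be short
        if stop > end:
            break  # piece continues into the next file, cannot be checked alone
        checked += 1
        digest = hashlib.sha1(data[start - offset:stop - offset]).digest()
        matched += digest == pieces[idx * SHA1_LEN:(idx + 1) * SHA1_LEN]
    return checked, matched

def link_torrent(torrent_files, piece_len, pieces, case_items):
    """torrent_files: ordered (name, length) pairs; case_items: {item_id: bytes}.
    Returns {torrent file name: [ids of case items confirmed by piece hashes]}."""
    total = sum(length for _, length in torrent_files)
    links, offset = {}, 0
    for name, length in torrent_files:
        for item_id, data in case_items.items():
            if len(data) != length:
                continue  # step 1: length selects the candidates
            checked, matched = verify_file(data, offset, total, piece_len, pieces)
            if checked and checked == matched:  # step 2: every piece must agree
                links.setdefault(name, []).append(item_id)
        offset += length
    return links

def demo():
    """Constructed sample: a two-file torrent and three case items."""
    video = bytes(range(100))
    info = b"readme.txt"  # 10 bytes, shorter than one piece
    stream, piece_len = video + info, 16
    pieces = b"".join(hashlib.sha1(stream[i:i + piece_len]).digest()
                      for i in range(0, len(stream), piece_len))
    tampered = bytes([video[0] ^ 0xFF]) + video[1:]  # same length, other content
    items = {"item-1": video, "item-2": tampered, "item-3": info}
    files = [("video.bin", len(video)), ("info.txt", len(info))]
    return link_torrent(files, piece_len, pieces, items)
```

Bytes that fall only in pieces shared with a neighbouring file are not verified by this check, so a link confirms the covered ranges rather than the whole file. A file that contains no complete piece (here `info.txt`) is never linked, which is the "large enough" condition in practice.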