Not sure what you mean by study book.
The point is once a malware program (maybe program with malware/virus inserted) is stored on the network it is immutable. Once the malware has been detected then its chunks are added to the list.
Of course they can change it to store a new malware file, but the original is still there ready to infect those who download it to run.
Yes like virus checkers the list increases more and more.
But a study book? Without the datamap these chunks are useless and unable to be decoded. With thousands of files (maybe 10 thousand chunks) it is virtually impossible to reassemble the files by mixing and matching the chunks till they are found. And of course after a short while I’d expect there to be more than thousands of files.
Anyone wanting a study book would be 100 times better to search out the forums on the current web to find out how to do it. If they could decode the files to study then I suggest they don’t need the files since they could probably do it themselves by utilising the current web to find the needed info.
The question is how does the user make the list? Do they find all the malware they can and create the list? Or just add to their list any malware that they caught so it doesn’t happen again.
All I was suggesting is that while the user has the list of chunk addresses that the client refuses to retrieve, it is built from resources that make the lists for people to use. Adblockers are another example that do this sort of thing using web URLs in their list. The user can just use their own entries or avail themselves of many lists to make their own and add their own URLs as they see fit.
Why not just use the xor addresses of the chunks preventing the ability of people using the lists to find and decrypt the chunks/files.