A digital forensic examiner must often examine files that have been shared on a target computer through peer-to-peer (P2P) technology. Currently, this analysis is manually intensive and time-consuming: investigators must determine which types of P2P clients were used, identify all the files associated with each client, and then extract information from those files in a client-specific way. Existing automated support is very limited in scope: each tool applies to only one P2P client and performs only one analysis task (for example, translating an "activity" log file into a human-readable format). This has placed a great burden on investigators operating under tight deadlines.

Using P2P Marshal, an investigator can automatically gather, in a forensically sound way, all the files related to P2P usage on a target computer. P2P Marshal shows an investigator the files that have been downloaded from a P2P network, the log files for each transaction in human-readable form, and other information of particular forensic interest (such as user name, password, and servers/peers used). P2P Marshal currently supports multiple P2P networks and is easily extensible to incorporate new P2P platforms as they arise. P2P Marshal is a stand-alone tool, requiring no additional software.
Features:
Analyzes peer-to-peer network usage on images of Windows 2000, 2003 and XP systems
Extensible
Forensically sound
Provides full analysis for: BitTorrent, LimeWire, uTorrent, and Azureus
Detects and shows default download locations for Ares & Kazaa
Future versions will include additional client and operating system support and capabilities

Requirements:
Microsoft Windows XP or Vista Operating System
120M disk space free

P2P Marshal Digital Forensics Software:
P2P Marshal is a tool to analyze peer-to-peer (P2P) usage on file system images. It automatically detects what P2P client programs are, or were, present, extracts configuration and log information, and shows the investigator the shared (uploaded and downloaded) files. P2P Marshal follows forensic best practices and maintains a detailed log file of all activities it performs. It is designed to be easily extensible to support new P2P clients and networks. It has extensive search capabilities, produces reports in RTF, PDF, and HTML formats, and runs on Windows-based operating systems. Funding for the development of P2P Marshal was provided by the American National Institute of Justice.
P2P Marshal, a series of screenshots:
Selecting a Target Disk to Analyze:
P2P Marshal can analyze any mounted logical volume (e.g., C:, D:, ...) or subtree within a folder (e.g., C:\unzipped Windows Disk\).
Main Page Showing P2P Marshal:
Each discovered P2P client has its own tab. Each tab allows the investigator to display information on individual users as well as all users.

Searching for Downloaded Files:
Investigators can search for files matching complex patterns that combine criteria such as filename extension (e.g., .jpg), file size, and MAC times.
Reviewing Saved Searches:
Searches can be saved to be included in the report that P2P Marshal generates. A search description includes all of the search terms & constraints that were specified.
Reviewing Saved Searches (the selected search has been renamed)
Saved searches can be renamed with a mnemonic name to make it easy to distinguish among different searches.
© 2008 / 2009 Tap Systems Ltd | UK Company registration number: 1825135