Difference between pages "P2PMarshal" and "Basic Security Module (BSM) file format"

From ForensicsWiki
(Difference between pages)
m
 
(External Links)
 
Line 1: Line 1:
{{Infobox_Software |
+
{{expand}}
  name = P2P Marshal|
+
  maintainer = [[ATC-NY]] |
+
  os = {{Windows}} |
+
  genre = {{File forensics}} |
+
  license = Commerical (free to law enforcement) |
+
  website = [http://p2pmarshal.com p2pmarshal.com] |
+
}}
+
  
P2P Marshal is a program that helps an investigator discover and analyze [[file sharing]] software on a disk.
+
The Basic Security Module (BSM) file format originates from the [[Solaris|Sun Solaris]] operating system and has been adopted in various forms by BSD Unix, [[Mac OS X]] included.
  
P2P Marshal operates on a logically mounted drive (i.e., a restored image of a disk, mounted as D:, E:, etc.) or a subdirectory (e.g., unzipped or untarred archive). It is designed to run under Windows, though as a Java-based program, it should be able to run on other platforms.
+
== External Links ==
 +
* [http://en.wikipedia.org/wiki/OpenBSM Wikipedia: OpenBSM]
 +
* [https://developer.apple.com/library/mac/documentation/Darwin/Reference/ManPages/man5/audit.log.5.html audit -- Basic Security Module (BSM) file format], Mac Developer Library
 +
* [http://www.opensource.apple.com/source/xnu/xnu-1456.1.26/bsd/security/audit/audit_bsm_token.c?txt audit_bsm_token.c], Apple Open Source
 +
* [http://www.deer-run.com/~hal/sysadmin/SolarisBSMAuditing.html Solaris Basic Security Mode (BSM) Auditing], by [[Hal Pomeranz]]
  
When run, it first detects the presence of P2P client programs. Then, for each program detected, it presents various information, such as downloaded and shared files, peer servers, and log messages. For some clients, additional  information may be displayed, such as host ID numbers, total runtime, and other parameters tracked by the client. P2P Marshal displays the information either on a per-user basis or for all users. It also provides an extensive search capability, produces customizable summary reports in PDF, HTML, and RTF formats, and maintains an audit log of all actions performed by the investigator.
+
== Tools ==
 +
=== praudit ===
 +
* [http://www.trustedbsd.org/openbsm.html OpenBSM], Open Source Basic Security Module (BSM) Audit Implementation
 +
* [http://sourceforge.net/projects/linuxbsm/ linuxbsm], The Linux Basic Security Module; The Linux BSM is an auditing tool that aims to bring the capabilities of Sun's Solaris Basic Security Module to Linux.
 +
* [http://sourceforge.net/projects/linuxbsm2/ linuxbsm2], LinuxBSM-2; LinuxBSM-2 introduces auditing features in Linux kernel to achieve better security and keep an eye on system activities.
 +
* [https://code.google.com/p/linuxopenbsm/ linuxopenbsm], Linux Basic Security Module
  
It currently supports LimeWire and several BitTorrent clients, Ares, and Hello, and detects the presence of KaZaA.
+
[[Category:File Formats]]
 
+
As of January 2008, the 1.0 will be available at no cost to US law enforcement, with a commercial version available to non-law enforcement.
+
 
+
=Authors=
+
P2P Marhsal was developed by ATC-NY through a US National Institute of Justice (NIJ) grant.  The project was originally named File Marshal.
+
 
+
= External Links =
+
* [http://dfrws.org/2007/proceedings/p43-adelstein_pres.pdf DFRWS'07 File Marshal paper (pdf)]
+
* [http://www.p2pmarshal.com/ Official website (coming soon)]
+
* [http://atc-nycorp.com ATC-NY]
+
 
+
[[Category:Peer-to-peer forensics tools]]
+
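Review bot: the `=== praudit ===` subsection under `== Tools ==` never describes praudit; the four links listed beneath it are OpenBSM, linuxbsm, linuxbsm2 and linuxopenbsm. Either move those links directly under `== Tools ==` or add a line saying what praudit is and which of the listed projects provides it. The `== External Links ==` section also sits above `== Tools ==`; placing it last would keep the references at the end of the article.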

Latest revision as of 14:30, 16 December 2013


The Basic Security Module (BSM) file format originates from the Sun Solaris operating system and has been adopted in various forms by BSD Unix, Mac OS X included.

External Links

Tools

praudit

  • OpenBSM, Open Source Basic Security Module (BSM) Audit Implementation
  • linuxbsm, The Linux Basic Security Module; The Linux BSM is an auditing tool that aims to bring the capabilities of Sun's Solaris Basic Security Module to Linux.
  • linuxbsm2, LinuxBSM-2; LinuxBSM-2 introduces auditing features in Linux kernel to achieve better security and keep an eye on system activities.
  • linuxopenbsm, Linux Basic Security Module