Difference between pages "P2PMarshal" and "Getting Started in Forensic Research"

From ForensicsWiki
(Added HoneyNet Challenges)
Page 1: P2PMarshal

{{Infobox_Software |
  name = P2P Marshal|
  maintainer = [[ATC-NY]] |
  os = {{Windows}} |
  genre = {{File forensics}} |
  license = Commercial (free to law enforcement) |
  website = [http://p2pmarshal.com p2pmarshal.com] |
}}

P2P Marshal is a program that helps an investigator discover and analyze [[file sharing]] software on a disk.

P2P Marshal operates on a logically mounted drive (i.e., a restored image of a disk, mounted as D:, E:, etc.) or a subdirectory (e.g., an unzipped or untarred archive). It is designed to run under Windows, though as a Java-based program it should be able to run on other platforms.

When run, it first detects the presence of P2P client programs. Then, for each program detected, it presents various information, such as downloaded and shared files, peer servers, and log messages. For some clients, additional information may be displayed, such as host ID numbers, total runtime, and other parameters tracked by the client. P2P Marshal displays the information either on a per-user basis or for all users. It also provides an extensive search capability, produces customizable summary reports in PDF, HTML, and RTF formats, and maintains an audit log of all actions performed by the investigator.

It currently supports LimeWire and several BitTorrent clients, Ares, and Hello, and detects the presence of KaZaA.

As of January 2008, version 1.0 will be available at no cost to law enforcement, with a commercial version available to non-law enforcement.

=Authors=
P2P Marshal was developed by ATC-NY through a National Institute of Justice (NIJ) grant. The project was originally named File Marshal.

= External Links =
* [http://dfrws.org/2007/proceedings/p43-adelstein_pres.pdf DFRWS'07 File Marshal paper (pdf)]
* [http://www.p2pmarshal.com/ Official website (coming soon)]
* [http://atc-nycorp.com ATC-NY]

[[Category:Peer-to-peer forensics tools]]

Page 2: Getting Started in Forensic Research

Interested in getting involved in computer forensics research? Here's how to start.

=Recommended Reading=

# Read the proceedings for each of the past [http://www.dfrws.org Digital Forensic Research Workshops] sessions. If a specific article looks interesting, download it and read it!
#*[http://www.dfrws.org/2007/program.shtml DFRWS 2007 Program]
#*[http://www.dfrws.org/2006/program.shtml DFRWS 2006 Program]
#*[http://www.dfrws.org/2005/program.shtml DFRWS 2005 Program]
#*[http://www.dfrws.org/2004/program.shtml DFRWS 2004 Program]
#*[http://www.dfrws.org/2003/program.shtml DFRWS 2003 Program]
#*[http://www.dfrws.org/2002/program.shtml DFRWS 2002 Program]
#*[http://www.dfrws.org/2001/dfrws-rm-final.pdf DFRWS 2001 Technical Report] (no program available)
# Review the [http://www.ifip119.org/ IFIP Working Group 11.9 on Digital Forensics] website and look at the proceedings from the past conferences (unfortunately, you can't download the papers and the book costs more than $100, but if you see something interesting it can usually be requested via interlibrary loan)
#*[http://www.ifip119.org/Publications/ IFIP WG 11.9 publications]
# Search for interesting forensic terms at the [http://portal.acm.org/dl.cfm ACM Digital Library] and [http://citeseer.ist.psu.edu/ CiteSeer]
# Review the [http://www.sleuthkit.org/ Sleuth Kit Website]. In particular, review the issues of [http://www.sleuthkit.org/informer/index.php The Sleuth Kit Informer] and download a copy of Sleuth Kit for your computer.
# Download a few of the public corpora from the [http://digitalcorpora.org/ Digital Corpora] website and give them a try.
# Try your hand at the [http://www.honeynet.org/misc/chall.html HoneyNet Project Challenges]. They are a little older, but are still valid. Plus there are solutions from previous attempts online!
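The P2P Marshal description above lists the steps such a tool performs: take a logically mounted drive or directory, enumerate user profiles, detect installed P2P clients from their on-disk artifacts, list the files each client downloaded, and keep an audit log of every action the examiner's tool took. The script below is an added example of that workflow, not P2P Marshal's code and not ATC-NY's signature set. The client signatures in CLIENT_SIGNATURES (the LimeWire and uTorrent profile-relative paths), the profile roots, the function names, and the constructed sample directory tree built by build_sample_image are all assumptions made for this illustration.

```python
"""Illustrative scan of a logically mounted drive for P2P client artifacts.

Added example: not P2P Marshal's code. The client signatures below are
assumptions chosen to show the approach, not a validated signature database.
"""
import hashlib
import tempfile
from datetime import datetime, timezone
from pathlib import Path

# Assumed (illustrative) signatures: client -> directory relative to a user
# profile whose presence suggests the client was used, plus where that client
# is expected to place downloaded files.
CLIENT_SIGNATURES = {
    "LimeWire": {"config_dir": "AppData/Roaming/LimeWire",
                 "downloads": "Downloads/LimeWire"},
    "uTorrent": {"config_dir": "AppData/Roaming/uTorrent",
                 "downloads": "Downloads"},
}

# Profile containers on a mounted Windows volume (Vista+ and XP layouts).
PROFILE_ROOTS = ("Users", "Documents and Settings")


class AuditLog:
    """Append-only record of every action the scan performed."""

    def __init__(self):
        self.entries = []

    def record(self, action, detail=""):
        stamp = datetime.now(timezone.utc).isoformat()
        self.entries.append((stamp, action, detail))


def sha256_file(path):
    """Hash a file in chunks so large downloads do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def find_user_profiles(mount_root):
    """Yield (username, profile_path) for every profile under the mounted drive."""
    root = Path(mount_root)
    for container in PROFILE_ROOTS:
        base = root / container
        if base.is_dir():
            for profile in sorted(base.iterdir()):
                if profile.is_dir():
                    yield profile.name, profile


def scan_profile(username, profile, audit):
    """Return {client: details} for every signature present in one profile."""
    findings = {}
    for client, sig in CLIENT_SIGNATURES.items():
        cfg = profile / sig["config_dir"]
        audit.record("check", f"{username}: {client} at {cfg.as_posix()}")
        if not cfg.is_dir():
            continue
        downloads = []
        dl_dir = profile / sig["downloads"]
        if dl_dir.is_dir():
            for f in sorted(p for p in dl_dir.rglob("*") if p.is_file()):
                downloads.append({"path": f.relative_to(profile).as_posix(),
                                  "size": f.stat().st_size,
                                  "sha256": sha256_file(f)})
                audit.record("hash", downloads[-1]["path"])
        findings[client] = {
            "config_dir": cfg.relative_to(profile).as_posix(),
            "config_files": sorted(p.name for p in cfg.iterdir() if p.is_file()),
            "downloaded_files": downloads,
        }
    return findings


def scan_mounted_drive(mount_root, audit=None):
    """Scan every user profile; return (per-user report, audit log)."""
    audit = audit or AuditLog()
    audit.record("scan_start", str(mount_root))
    report = {}
    for username, profile in find_user_profiles(mount_root):
        found = scan_profile(username, profile, audit)
        if found:  # only users with at least one client detected
            report[username] = found
    audit.record("scan_end", f"{len(report)} user(s) with P2P artifacts")
    return report, audit


def build_sample_image():
    """Constructed sample data: a throwaway tree standing in for a mounted image."""
    root = Path(tempfile.mkdtemp(prefix="p2p_sample_"))
    alice = root / "Users" / "alice"
    (alice / "AppData/Roaming/LimeWire").mkdir(parents=True)
    (alice / "AppData/Roaming/LimeWire/limewire.props").write_text("# placeholder\n")
    (alice / "Downloads/LimeWire").mkdir(parents=True)
    (alice / "Downloads/LimeWire/song.mp3").write_bytes(b"not really audio")
    (root / "Users" / "bob" / "Documents").mkdir(parents=True)  # no P2P artifacts
    return root


if __name__ == "__main__":
    report, audit = scan_mounted_drive(build_sample_image())
    for user, clients in report.items():
        for client, info in clients.items():
            print(f"{user}: {client} ({len(info['downloaded_files'])} downloaded file(s))")
    print(f"{len(audit.entries)} audit entries")
```

Run it directly to scan the constructed sample tree, or call scan_mounted_drive("D:/") against a real mounted image. Hashing every file found and logging each check, rather than only the hits, is what makes the audit log useful later: a reviewer can see exactly which locations were examined and which were absent.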

Revision as of 10:43, 21 November 2007

Interested in getting involved in computer forensics research? Here's how to start.

Recommended Reading

  1. Read the proceedings for each of the past Digital Forensic Research Workshops sessions. If a specific article looks interesting, download it and read it!
  2. Review the IFIP Working Group 11.9 on Digital Forensics website and look at the proceedings from the past conferences (unfortunately, you can't download the papers and the book costs more than $100, but if you see something interesting it can usually be requested via interlibrary loan)
  3. Search for interesting forensic terms at the ACM Digital Library and CiteSeer
  4. Review the Sleuth Kit Website. In particular, review the issues of The Sleuth Kit Informer and download a copy of Sleuth Kit for your computer.
  5. Download a few of the public corpora from the Digital Corpora website and give them a try.
  6. Try your hand at the HoneyNet Project Challenges. They are a little older, but are still valid. Plus there are solutions from previous attempts online!