P2PMarshal - Revision history

Frank: typo

2010-03-16T04:03:40Z

typo

Frank: Minor updates for version 2, and USB version

2010-03-15T19:41:45Z

Minor updates for version 2, and USB version

Robjoyce: Fix typo

2009-02-05T23:38:13Z

Fix typo

Frank at 13:47, 26 March 2008

2008-03-26T13:47:25Z

Frank at 22:17, 15 November 2007

2007-11-15T22:17:26Z

Frank at 21:02, 15 November 2007

2007-11-15T21:02:24Z

Frank: Initial version

2007-11-15T20:24:27Z

Initial version

New page

{{Infobox_Software |
name = P2P Marshal|
maintainer = [[ATC-NY]] |
os = {{Windows}} |
genre = {{File forensics}} |
license = Commerical (free to law enforcement) |
website = [http://p2pmarshal.com p2pmarshal.com] |
}}

P2P Marshal is a program that helps an investigator discover and analyze [[file sharing]] software on a disk.

P2P Marshal operates on a logically mounted drive (i.e., a restored image of a disk, mounted as D:, E:, etc.) or a subdirectory (e.g., unzipped or untarred archive). It is designed to run under Windows, though as a Java-based program, it should be able to run on other platforms.

When run, it first detects the presence of P2P client programs. Then, for each program detected, it presents various information, such as downloaded and shared files, peer servers, and log messages. For some clients, additional information may be displayed, such as host ID numbers, total runtime, and other parameters tracked by the client. P2P Marshal displays the information either on a per-user basis or for all users. It also provides an extensive search capability, produces customizable summary reports in PDF, HTML, and RTF formats, and maintains an audit log of all actions performed by the investigator.

It currently supports LimeWire and several BitTorrent clients, Areas, and Hello, and detects the presence KaZaA.

As of January 2008, the 1.0 will be available at no cost to law enforcement, with a commercial version available to non-law enforcement.

=Authors=
P2P Marhsal was developed by ATC-NY through a National Institute of Justice (NIJ) grant. The project was originally named File Marshal.

= External Links =
* [http://dfrws.org/2007/proceedings/p43-adelstein_pres.pdf DFRWS'07 File Marshal paper (pdf)]
* [http://www.p2pmarshal.com/ Official website (coming soon)]
* [http://atc-nycorp.com ATC-NY]

[[Category:Peer-to-peer forensics tools]]

@@ Line 21: / Line 21: @@
 =Authors=
-P2P Marhsal was developed by ATC-NY through a US National Institute of Justice (NIJ) grant.  The project was originally named File Marshal.
+P2P Marshal was developed by ATC-NY through a US National Institute of Justice (NIJ) grant.  The project was originally named File Marshal.
 = External Links =

@@ Line 4: / Line 4: @@
    os = {{Windows}} |
    genre = {{File forensics}} |
-   license = Commercial (free to law enforcement) |
+   license = Commercial (free to US law enforcement) |
    website = [http://p2pmarshal.com p2pmarshal.com] |
 }}
@@ Line 10: / Line 10: @@
 P2P Marshal is a program that helps an investigator discover and analyze [[file sharing]] software on a disk.
-P2P Marshal operates on a logically mounted drive (i.e., a restored image of a disk, mounted as D:, E:, etc.) or a subdirectory (e.g., unzipped or untarred archive).  It is designed to run under Windows, though as a Java-based program, it should be able to run on other platforms.
+The Forensic Edition of P2P Marshal operates on a logically mounted drive (i.e., a restored image of a disk, mounted as D:, E:, etc. or with Mount Image Pro, EnCase's Physical Disk Emulator, or similar).   The Field Edition can also analyze a live computer's disk.  P2P Marshal is designed to run under Windows, though as a Java-based program, it should be able to run on other platforms.
 When run, it first detects the presence of P2P client programs.  Then, for each program detected, it presents various information, such as downloaded and shared files, peer servers, and log messages.  For some clients, additional  information may be displayed, such as host ID numbers, total runtime, and other parameters tracked by the client.  P2P Marshal displays the information either on a per-user basis or for all users.  It also provides an extensive search capability, produces customizable summary reports in PDF, HTML, and RTF formats, and maintains an audit log of all actions performed by the investigator.
-It currently supports LimeWire and several BitTorrent clients, Ares, and Hello, and detects the presence of KaZaA.
+The Forensic Edition must be installed on a computer; the Field Edition runs from a USB drive.
-As of January 2008, the 1.0 will be available at no cost to US law enforcement, with a commercial version available to non-law enforcement.
+It currently supports LimeWire and several BitTorrent clients, and Ares, and detects the presence of KaZaA.
 =Authors=

@@ Line 23: / Line 23: @@
 = External Links =
 * [http://dfrws.org/2007/proceedings/p43-adelstein_pres.pdf DFRWS'07 File Marshal paper (pdf)]
-* [http://www.p2pmarshal.com/ Official website (coming soon)]
+* [http://www.p2pmarshal.com/ p2pmarshal.com]
 * [http://atc-nycorp.com ATC-NY]
 [[Category:Peer-to-peer forensics tools]]

@@ Line 14: / Line 14: @@
 When run, it first detects the presence of P2P client programs.  Then, for each program detected, it presents various information, such as downloaded and shared files, peer servers, and log messages.  For some clients, additional  information may be displayed, such as host ID numbers, total runtime, and other parameters tracked by the client.  P2P Marshal displays the information either on a per-user basis or for all users.  It also provides an extensive search capability, produces customizable summary reports in PDF, HTML, and RTF formats, and maintains an audit log of all actions performed by the investigator.
-It currently supports LimeWire and several BitTorrent clients, Areas, and Hello, and detects the presence KaZaA.
+It currently supports LimeWire and several BitTorrent clients, Ares, and Hello, and detects the presence of KaZaA.
 As of January 2008, the 1.0 will be available at no cost to law enforcement, with a commercial version available to non-law enforcement.