ATC-NY has released its latest tool to fight cyber crime - P2P Marshal "Field Edition," which runs from a USB drive. P2P Marshal is a computer forensics tool which automatically detects, extracts and analyzes P2P evidence on hard drives. The software-only version, "Forensic Edition," is installed and runs on an investigator's workstation to analyze a mounted disk image.
P2P Marshal Field Edition runs on a Windows target machine from a USB drive. It can conduct live investigations as well as analyze mounted disk images. Field Edition allows an investigator to go mobile as the USB drive may be moved from computer to computer - no installation is required. This allows an investigator to conduct forensic searches out in the field, offering freedom of movement and capabilities on a target computer where P2P Marshal can investigate that computer's hard drive.
P2P Marshal automatically detects and analyzes peer-to-peer file sharing usage including the most commonly used P2P client programs such as Ares, BitTorrent, Frostwire, LimeWire, uTorrent and Azureus Vuze.
P2P Marshal presents per-user information on those clients, including shared files, downloaded files, peer servers and configuration and log information. P2P Marshal performs these tasks in a forensically valid way and presents the results in an easily readable form on screen and can produce reports in CSV, RTF, PDF and HTML formats.
ATC-NY developed P2P Marshal in conjunction with the National Institute of Justice. For information about the Field Edition, go to http://p2pmarshal.atc-nycorp.com/p2p/products.html.
P2P Marshal is currently being used by local, state, federal and international law enforcement to investigate cyber crimes. Without automated tools, a forensic investigator's job to find evidence of illegal file sharing and distribution is manually intensive and time-consuming. P2P Marshal greatly helps investigators reduce the time required for the analysis process. The tool is also useful to private corporations for compliance checking. A company that prohibits peer-to-peer software on its corporate systems could use P2P Marshal to confirm such compliance.