
P2P Marshal™—Peer-to-Peer System Analysis

A digital forensic examiner must often examine files that have been shared on a target computer through peer-to-peer (P2P) technology. Currently, this analysis is manually intensive and time-consuming: investigators must determine which types of P2P clients were used, identify all the files associated with each client, and then extract information from those files in a client-specific way. Existing automated support is very limited in scope: each tool applies to only one P2P client and performs only one analysis task (for example, translating an "activity" log file into a human-readable format). This has placed a great burden on investigators operating under tight deadlines.

Using P2P Marshal, an investigator can automatically gather, in a forensically sound way, all the files related to P2P usage on a target computer. P2P Marshal shows an investigator the files that have been downloaded from a P2P network, the log files for each transaction in human-readable form, and other information of particular forensic interest (such as user name, password, and servers/peers used). P2P Marshal currently supports multiple P2P networks and is easily extensible to incorporate new P2P platforms as they arise. P2P Marshal is a stand-alone tool, requiring no additional software.

Download this article from the 2007 Digital Forensic Research Workshop (DFRWS) for a discussion of P2P Marshal (717K PDF).

For more information about P2P Marshal, visit www.p2pmarshal.com.



© 2008 Architecture Technology Corporation