New Time Saving Computer Forensic Technology Released

Computer Forensic Technology Cuts Processing Time  - Jon Crel
Criminal Investigators have a new forensic tool that will cut crime scene processing time. Peer-to-Peer network processing software is now available on USB.

With the rapid growth of cybercrime, there is a need for the development of new tools to catch the criminals of today. A new product from ATC-NY is doing just that. With its “P2P Marshal” USB-based file detection software, a criminal investigator can begin documenting evidence on computer hard drives and network devices immediately. There is no need to bring a laptop computer into the crime scene or to physically remove (or disconnect) the computer from its network.

What is P2P Marshal Technology

P2P Marshal is a tool to analyze peer-to-peer (P2P) usage on file system images. It automatically detects what P2P client programs are, or were, present, extracts configuration and log information, and shows the investigator the shared (uploaded and downloaded) files.

This program is stored on a USB drive and is therefore extremely portable. It replaces the need for a laptop computer with the P2P analyzer to be brought to the scene. This NIJ (National Institute of Justice) sponsored project can be used to:

  • Analyze peer-to-peer network usage
  • Provide full analysis for: BitTorrent, LimeWire, uTorrent, and Azureus
  • Detect and show default download locations for Ares, Google Hello, and Kazaa

This forensically sound and fully extensible version (2.0) is available for free to law enforcement, and future versions are said to include additional client support and capabilities.

What Will New Technology in Forensic Investigation Achieve

The P2P Marshal follows forensic best practices and maintains a detailed log file of all activities it performs. It is designed to be easily extensible to support new P2P clients and networks. It has extensive search capabilities, produces reports in CSV, RTF, PDF, and HTML formats and runs on Windows-based operating systems. What this means for the crime scene investigator is more space in the field kit for other important tools. It also will free up time because the P2P Marshal can plug into any open USB port on both a computer at the scene and one back at the lab. The software-only version, "Forensic Edition," is installed and runs on an investigator's workstation to analyze a mounted disk image.

According to ATC-NY’s press release on its website, P2P Marshal “is currently being used by local, state, federal and international law enforcement to investigate cyber crimes. Without automated tools, a forensic investigator's job to find evidence of illegal file sharing and distribution is manually intensive and time-consuming. P2P Marshal greatly helps investigators reduce the time required for the analysis process.” ("ATC Releases P2P Marshal Field Edition", June 9, 2010, Accessed June 2010)

How Much Time Will a USB Based System Save

Computer hard drives collected by law enforcement officers in various searches of suspects’ homes offer a “virtual treasure trove” ("Computer Forensics Tool comes on USB drive for use in field", Accessed June 2010) of evidence in the hands of a trained forensic investigator. Manually searching each of them for evidence of peer-to-peer (P2P) network file sharing can take many hours, perhaps days, while the investigator’s backlog continues to grow. However, the P2P Marshal tool will take only minutes to reveal the same information.

The time saved by automating the data farming can be directly translated into other facets of the investigation. Leads that would have been dormant for days become immediately available. This gives perpetrators less time to cover their tracks and allows for swift action by the authorities.

Who Can Get P2P Marshal

In an article from the fall 2009 edition of TechBeat, the award-winning quarterly news magazine of the National Law Enforcement and Corrections Technology Center System, Frank Adelstein, the technical director at ATC-NY, said, “Accessibility is not limited to law enforcement agencies because the tool could have civil applications, but users must provide contact information in order to register.” ("Tool Helps Automate, Expedite CyberCrime Probes", Fall 2009, Accessed June 2010)

Resources

Architecture Technology Corporation. "ATC Releases P2P Marshal Field Edition." Atc-nycorp.com, June 9, 2010 (Accessed June 2010).

"Computer Forensics Tool comes on USB drive for use in field." Product News Network (2010). General OneFile. Web. 30 June 2010.

National Law Enforcement and Corrections Technology Center: A program of the National Institute of Justice. Justnet.org. "Tool Helps Automate, Expedite CyberCrime Probes." Fall 2009 (Accessed June 2010).

Kenneth Sleight

Kenneth Sleight - Ken Sleight is a resident of Haslett, Mi. He was voted among his friends as, "most likely to be the phone a friend on Who Wants to be a ...
