With funding from the National Institute of Justice, ATC-NY has developed P2P Marshal, a software application that automatically gathers, in a forensically sound way, all of the files related to peer-to-peer usage on a target computer.
Computers often contain key evidence needed to prosecute crimes and criminals use peer-to-peer software to distribute illicit files. Without automated tools, a forensic investigator’s job to find evidence of illegal file sharing and distribution is manually-intensive and time-consuming. P2P Marshal greatly helps investigators to reduce the time required for the analysis process.
This tool shows an investigator the files that have been downloaded from a P2P network as well as related information such as the P2P servers used. It shows relevant configuration information, such as the user’s name and a list of servers that were used, and displays the log file in a human readable form. It supports multiple P2P networks.
P2P Marshal is currently being used by local, state, federal and international law enforcement to investigate real cases involving child exploitation. The tool would also be useful to private corporations for compliance checking. A company that prohibits peer-to-peer software on its corporate systems could use P2P Marshal to confirm such compliance.
P2P Marshal 1.0 is available at no charge.