News

P2P Marshal: A computer forensic tool to detect and analyze peer-to-peer/file sharing use

May 1, 2008. Cyber Security Technologies Corporation (CST) today announced the availability of P2P Marshal, a computer forensic software product to analyze peer-to-peer (P2P) usage on images of hard drives. P2P Marshal automatically detects and identifies a roster of the most commonly-used peer-to-peer software which is or was present on the hard drive under investigation. It automatically shows the files shared or downloaded using each P2P application, and extracts configuration and log information when available. P2P Marshal was designed to perform its actions in a forensically sound way, including maintaining a detailed audit trail of all actions performed.

According to John Metil, president and CEO of Cyber Security Technologies, "P2P Marshal delivers a dramatic improvement in the productivity of investigations where peer-to-peer usage is involved. This new product provides a unique technology to automate what currently is a manual and labor-intensive aspect of computer investigations."

P2P file sharing networks are a widely used method of sharing information on the Internet, and usage of P2P networks by criminal suspects is frequently involved in law enforcement investigations. Also, many corporations restrict or prohibit the use of P2P file sharing in the workplace.

Metil continued, "Currently there are many P2P programs and networks in general use on the Internet. This poses a daunting challenge for investigators because each client program is slightly different, requiring a unique investigative technique for each. P2P Marshal directly addresses many of the difficulties in current investigative techniques involving P2P data, in that it automatically detects many of the most widely-used P2P client programs that are or were present, extracts configuration and log information, and shows the investigator the shared (uploaded and downloaded) files."

P2P Marshal runs on Microsoft Windows XP and Vista, and is used to examine a mounted disk image. P2P Marshal performs a full analysis for BitTorrent, LimeWire, uTorrent and Azereus. It detects and shows default download locations for Ares, Google Hello and Kazaa. P2P Marshal follows forensic best practices and maintains a detailed log file of all activities it performs, producing detailed investigation reports in RTF, PDF and HTML formats.

The development program for P2P Marshal was supported by Award No. 2006-DN-BX-K013 awarded by the National Institute of Justice, Office of Justice Programs, US Department of Justice.

P2P Marshal Release 1.0 is currently available at no charge to US law enforcement, and as an introductory offer is being made available at no charge to other government personnel and to qualified corporate organizations.

For additional technical, training and download information please go to www.cyberstc.com or www.p2pmarshal.com.

Cyber Security Technologies is the innovation leader in affordable software solutions for the investigation of computer systems. Our OnLine Digital Forensic Suite^TM (OnLineDFS^TM) software enables network-based, real-time investigations of live, running computer systems without pre-installed agents. OnLineDFS is designed for information technology security professionals in corporations, government agencies and law enforcement. It provides IT security personnel with the tools to make a rapid, forensically sound determination about whether a security or compliance issue exists in a computer so that quick corrective action can be taken. It is a valuable solution for incident response, compliance and e-discovery applications in a live environment.

Additionally, CST provides P2P Marshal, a computer forensic software product to analyze peer-to-peer usage on images of hard drives. P2P Marshal automatically detects and identifies a roster of commonly used P2P software which is or was present on the hard drive under investigation.

Cyber Security Technologies is headquartered in Eden Prairie, Minnesota. It is an affiliate of Architecture Technology Corporation, an established advanced technology company which provides software-intensive solutions for complex problems to customers including the US Departments of Defense, Homeland Security, Justice and Transportation.