U.S. flag

An official website of the United States government, Department of Justice.

File Marshal: Automatic Extraction of Peer-to-Peer Data

NCJ Number
241126
Journal
Digital Investigation Volume: 4 Issue: S1 Dated: 2007 Pages: S43-S48
Date Published
2007
Length
6 pages
Annotation

This article describes the general design and features of a software ("File Marshal") that assists investigators in determining what peer-to-peer (P2P) software is present on a computer and where the associated information is stored, followed by retrieval of the information and analysis of results.

Abstract

Often P2P file sharing networks are used in crimes such as the illegal penetration of business and government computer systems, trafficking in child pornography, enticing children from the safety of their homes and attacking critical infrastructure such as computer networks and power grids. Consequently, computers involved in these crimes are significant sources of information. Of particular interest to investigators are the configuration parameters (user name, password, and peers/servers used); times of use, time of installation, log files of any transaction, and the downloaded (or shared) files themselves. Currently, an investigator must collect, categorize, and analyze all of this information manually. File Marshal is a digital forensic tool that automates the tedious and time-consuming process of looking for evidence of P2P usage. File Marshal performs these tasks in a forensically valid way and presents them in a readable form on-screen and in a format that can easily be incorporated into a report. This article describes the overall operation and capabilities of File Marshal, including the three models of operation, logging and report generation, and a description of search capabilities. The article also describes the registry library, along with the user interface and the back-end configuration. At the time this article was written, File Marshal was a work-in-progress being developed through a grant from the National Institute of Justice. An initial prototype has demonstrated its capabilities. A beta-release was planned for the end of summer 2007. In early 2008 the File Marshal was scheduled to be made available to law enforcement at no cost. 4 figures

Date Published: January 1, 2007