Tool Helps Automate, Expedite CyberCrime Probes

Using this tool not only saves time for the investigator, thus helping to reduce backlogs, it can also prove links between individuals and assist agencies in expanding investigations. Developed by ATC-NY, a subsidiary of Architecture Technology Corporation, the P2P Marshal TM automatically detects the use of P2P client programs, extracts configuration and log information, and lists both uploaded and downloaded shared files. It has extensive search capabilities, produces reports in several formats and runs on Microsoft Window-based operating systems. P2P Marshal also provides a detailed log file of all activities it performs. In order to build a case, an investigator needs to identify how the suspect used the P2P tools, i.e., whether he was specifically searching for child pornography or downloaded a large block of pictures without knowing the illegal material was included. In order to prove intent, an investigator must understand how the P2P programs work, as each P2P program works differently. An investigator must research various P2P programs before searching for information. P2P Marshal automates this task as much as possible. Early in 2009, P2P Marshal surpassed the 1,000 mark for registered users while Version 1.0 was still available. Version 2.0, released in summer 2009, can be run from a USB drive and taken out into the field. This expanded capability makes Version 2.0 available to field investigators as well as probation and parole officers checking on a client's compliance with probation/parole conditions.