NCJRS Abstract



The document referenced below is part of the NCJRS Library collection.
To conduct further searches of the collection, visit the NCJRS Abstracts Database.

NCJ Number: NCJ 241126
Title: File Marshal: Automatic Extraction of Peer-to-Peer Data
Author(s): Frank Adelstein ; Robert A. Joyce
Journal: Digital Investigation, Volume: 4, Issue: S1, Dated: 2007, Pages: S43 to S48
Date Published: 2007
Page Count: 6
Annotation: This article describes the general design and features of a software tool (“File Marshal”) that assists investigators in determining what peer-to-peer (P2P) software is present on a computer and where the associated information is stored, followed by retrieval of the information and analysis of results.
Abstract: P2P file-sharing networks are often used in crimes such as the illegal penetration of business and government computer systems, trafficking in child pornography, enticing children from the safety of their homes, and attacking critical infrastructure such as computer networks and power grids. Consequently, computers involved in these crimes are significant sources of information. Of particular interest to investigators are the configuration parameters (user name, password, and peers/servers used), times of use, time of installation, log files of any transaction, and the downloaded (or shared) files themselves. Currently, an investigator must collect, categorize, and analyze all of this information manually. File Marshal is a digital forensic tool that automates the tedious and time-consuming process of looking for evidence of P2P usage. File Marshal performs these tasks in a forensically valid way and presents the results in a readable form on-screen and in a format that can easily be incorporated into a report. This article describes the overall operation and capabilities of File Marshal, including the three models of operation, logging and report generation, and a description of search capabilities. The article also describes the registry library, along with the user interface and the back-end configuration. At the time this article was written, File Marshal was a work in progress being developed through a grant from the National Institute of Justice. An initial prototype has demonstrated its capabilities. A beta release was planned for the end of summer 2007. In early 2008, File Marshal was scheduled to be made available to law enforcement at no cost. 4 figures
Main Term(s): Forensics/Forensic Sciences
Index Term(s): Evidence collection ; Computer software ; Computer related crime ; Computer aided investigations ; Computer evidence ; NIJ grant-related documents
Sponsoring Agency: National Institute of Justice (NIJ)
US Department of Justice
Office of Justice Programs
United States of America
Grant Number: 2006-DN-BX-K013
Type: Report (Technical)
Country: United States of America
Language: English