NCJRS Abstract

The document referenced below is part of the NCJRS Library collection.
To conduct further searches of the collection, visit the NCJRS Abstracts Database.

NCJ Number: NCJ 241126
Title: File Marshal: Automatic Extraction of Peer-to-Peer Data
Journal: Digital Investigation  Volume:4  Issue:S1  Dated:2007  Pages:S43 to S48
Author(s): Frank Adelstein ; Robert A. Joyce
Date Published: 2007
Page Count: 6
Sponsoring Agency: National Institute of Justice
US Department of Justice
Office of Justice Programs
United States of America
Grant Number: 2006-DN-BX-K013
Type: Report (Technical)
Language: English
Country: United States of America
Annotation: This article describes the general design and features of File Marshal, a software tool that assists investigators in determining what peer-to-peer (P2P) software is present on a computer and where the associated information is stored, and then in retrieving the information and analyzing the results.
Abstract: P2P file-sharing networks are often used in crimes such as the illegal penetration of business and government computer systems, trafficking in child pornography, enticing children from the safety of their homes, and attacking critical infrastructure such as computer networks and power grids. Consequently, computers involved in these crimes are significant sources of information. Of particular interest to investigators are the configuration parameters (user name, password, and peers/servers used), times of use, time of installation, log files of any transactions, and the downloaded (or shared) files themselves. Currently, an investigator must collect, categorize, and analyze all of this information manually. File Marshal is a digital forensic tool that automates the tedious and time-consuming process of looking for evidence of P2P usage. File Marshal performs these tasks in a forensically valid way and presents the results in a readable form on-screen and in a format that can easily be incorporated into a report. This article describes the overall operation and capabilities of File Marshal, including the three models of operation, logging and report generation, and a description of search capabilities. The article also describes the registry library, along with the user interface and the back-end configuration. At the time this article was written, File Marshal was a work in progress being developed through a grant from the National Institute of Justice. An initial prototype has demonstrated its capabilities. A beta release was planned for the end of summer 2007. In early 2008, File Marshal was scheduled to be made available to law enforcement at no cost. 4 figures
Main Term(s): Forensics/Forensic Sciences
Index Term(s): Evidence collection ; Computer software ; Computer related crime ; Computer aided investigations ; Computer evidence ; NIJ grant-related documents
   
  To cite this abstract, use the following link:
https://www.ncjrs.gov/App/Publications/abstract.aspx?ID=263214