P2P Marshal Field Edition™ 3.1.0

P2P Marshal Field Edition™ is available on a USB drive only and requires no installation to run. The Field Edition provides the capability to run on a live computer in the field. With all of the features of the Forensic Edition, the Field Edition can also be used on an investigator's workstation in the lab to examine disk images. Get the Field Edition here.

Features

  • Analyzes peer-to-peer network usage on live computers running Windows XP, 2003, Vista, 2008, and Windows 7 systems (English and non-English, 32- and 64-bit)
  • Analyzes peer-to-peer network usage on images of Windows XP, 2003, Vista, 2008, and Windows 7 systems (English and non-English, 32- and 64-bit)
  • Provides full analysis for: Ares, BitTorrent, FrostWire, LimeWire, uTorrent, Azureus Vuze, and eMule
  • Detects and shows default download locations for Kazaa
  • Provides extensive search capabilities
  • Built-in thumbnail and image viewer
  • Produces customizable reports in CSV, HTML, PDF, and RTF formats
  • Integrated online help
  • Performs all actions in a forensically sound manner

Requirements

  • Windows XP or newer
  • An external disk drive (e.g., USB) large enough to store case information and evidence is strongly recommended when investigating live systems

Screenshots


Selecting a Target Disk to Analyze


P2P Marshal can analyze any mounted logical volume (e.g., C:, D:, ...) including one on the current running system.

Main Page Showing P2P Marshal


Each discovered P2P client has its own tab. Each tab allows the investigator to display information on individual users as well as all users.

Searching for Downloaded Files


Investigators can search for files matching complex patterns that combine criteria such as filename extension (e.g., .jpg), file size, and MAC times.

Reviewing Saved Searches


Searches can be saved to be included in the report that P2P Marshal generates. A search description includes all of the search terms and constraints that were specified.

Reviewing Saved Searches (the selected search has been renamed)


Saved searches can be renamed with a mnemonic name to make it easy to distinguish among different searches.

Generate custom report


Reports may be customized and generated in CSV, HTML, PDF, and RTF formats.

View thumbnails


Images can be quickly reviewed with P2P Marshal's thumbnail browser. It's fast!