P2P Marshal Field Edition™ 4.0.0

P2P Marshal Field Edition™ is available on a USB flash drive only and requires no installation to run. The Field Edition provides the capability to run on a live computer in the field. With all of the features of the Forensic Edition, the Field Edition can also be used on an investigator's workstation in the lab to examine disk images. Get the Field Edition here.

Features

  • Analyzes peer-to-peer network usage on live computers running Windows XP through Windows 8 (English and non-English, 32- and 64-bit)
  • Analyzes peer-to-peer network usage on images of Windows XP through Windows 8 systems (English and non-English, 32- and 64-bit)
  • Reads raw/dd, EnCase, FTK, and AFF disk image files
  • Provides full analysis for: Ares, BitTorrent, FrostWire, LimeWire, uTorrent, Azureus Vuze, and eMule
  • Detects and shows default download locations for Kazaa
  • Shows data source information for downloaded/shared files, peer hosts referenced, and client log entries
  • Provides extensive search and bookmarking capabilities
  • Built-in thumbnail and image viewer
  • Produces customizable reports in CSV, HTML, PDF, and RTF formats
  • Integrated online help
  • Performs all actions in a forensically sound manner

Requirements

  • Windows XP or newer
  • External disk drive (e.g., USB) large enough to store case information and evidence when investigating live systems is strongly recommended

Screenshots

P2P Marshal can analyze any raw/dd, EnCase, or FTK disk image file or any mounted physical disk, including the current boot drive of a live system.
Each discovered P2P client has its own tab. Each tab allows the investigator to display information on individual users as well as all users.
Investigators can search for files matching complex patterns, such as filename extension (e.g., .jpg), file size, and MAC times.
Searches can be saved to be included in the report that P2P Marshal generates. A search description includes all of the search terms and constraints that were specified.
Shared/downloaded files, peer hosts, and client searches can be bookmarked for later inclusion in the report, optionally with preview images and data source information included.
Reports may be customized and generated in CSV, HTML, PDF, and RTF formats.
Images can be quickly reviewed with P2P Marshal's thumbnail browser. It's fast!