Scanning

In order to use the scanner a case has to be created by using the "Create Case"-button.


You can now enter case-specific information which will also be used in generated reports.


The next step is to tell PeerLab where to search for applications. In this example the "Program Files"-folder was chosen.

If "Deep Scan" is selected an MD5-hash is calculated for all known extensions of P2P-programs (e.g. *.exe, *.jar, *.dll) and compared with the internal database.



After pushing the "start examination"-button the scanning-process starts. During the scanning-process the currently processed directory is displayed below the results-window.


After scanning is completed an overview of found applications is given as shown below. In this example 4 P2P-applications, 1 usenet-client (both database-verified) were found. Additionally a P2P-application was found which matches predefined search-criteria but has no entry in the database as it is either unknown or a new version.


The results are shown in the results-window. In this example the original filename of Shareaza was "Email-Client.exe" because of the deep-scan option the exe-file was scanned, an md5-hash compared with the internal database and a match was found.


The results are stored in the case-file. A report can be generated easily with the "generate report"-button. An example-report would like as follows:

(c) 2020 Kuiper Forensics