Cyber Security Technologies Mac Marshal Field Edition
May 01, 2012
Cyber Security Technologies, IncProduct:
Mac Marshal Forensic Edition for Macs: $995; Mac Marshal Forensic Edition for PCs: $795; Mac Marshal Forensic Edition - Bundle (includes both Mac and PC versions): $1,395; Mac Marshal Field Edition: $1,795.
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: Convenient, fast and reliable field tool with solid Mac forensics.
- Weaknesses: No support section on the website.
- Verdict: Stick this one in your pocket when you head into the field to do a forensic exam. Also, if you use Macs, this is a must-have.
The Field Edition that we tested contained both operating environments. When used to examine a live target system, Mac Marshal Field Edition can gather live state information (RAM, running processes, network connections, etc.) that would be lost when seizing the target machine and imaging the disk. Mac Marshal Forensic Edition for Macs runs on a Mac OS X 10.4 or later platform, and Mac Marshal Forensic Edition for PCs runs on a Microsoft Windows XP, or later, platform.
Some of the features that are available on the Forensic edition for Macs are not supported on the Windows iteration. Spotlight searches, for example, are not available for Windows. Spotlight is a metadata indexing system, which is responsible for indexing, acquiring, storing and performing file metadata at the highest level. For indexed files, the Spotlight searching method is quick, with solid performance.
We conducted live testing with this tool on both Mac and PC machines. The procedure is almost the same for both. With a quick review of the manual, users will be able to start employing Mac Marshal in less than five minutes. It uses optimized software that will perform reliably, even on computers that are not high-performance devices. Additionally, the hardware is current, so there are no concerns about compatibility. The functions analyze hard drives, images or partitions regardless of the operating system that is installed on the machine under test.
The documentation provides detailed information about use, access and analysis, making the tool straightforward to deploy.
The Forensic Editions require 200 MB disk space for installation. The Field Edition is delivered on a USB 2.0 flash drive and is plugged directly into a live target machine or an investigator's workstation, thus providing portability for use from one target to another. The target system must be running Mac OS X 10.4 or later (that is, taking an image is not necessary).
Support is included in the price of the product for the first year and, after that, is 20 percent of the product price. Unfortunately, we found the website deficient. We could not find a support section. There is an email support address, but there is no direct support location on the site. That said, there is a section on the site for each product and those sections are quite complete. Mac Marshal is priced reasonably and we find it a good value.
Sign up to our newsletters
SC Magazine Articles
- Microsoft report explores dangers of running expired security software
- Survey: real-time SIEM solutions help orgs detect attacks within minutes
- 'DoubleDirect' MitM attack affects iOS, Android and OS X users
- Android malware 'NotCompatible' evolves, spawns resilient botnet
- Vulnerabilities identified in three Advantech products
- Operators disable firewall features to increase network performance, survey finds
- Waste no time patching Windows Schannel, OLE bugs, experts warn
- Study: 68 percent of healthcare breaches caused by loss or theft of devices, files
- Spin.com redirects to Rig Exploit Kit, infects users with malware, Symantec observes
- Upping the ante: PCI Security Standard