Cyber Security Technologies Mac Marshal
May 01, 2013
Cyber Security Technologies, IncProduct:
Mac Marshal Forensic Edition for Macs: $995; for PCs: $795; Bundle: $1,395; Field Edition: $1,795.
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: These products make it easy to investigate a Mac, dual-boot or virtualized OS running on the Mac.
- Weaknesses: There is little documentation with the product or on the website to help users get started.
- Verdict: This set of products allows users to engage all features with ease when working in a Mac or hybrid Mac/PC environment.
Both Mac Marshal Forensic Edition and Field Edition provide user-friendly forensic tool kits. Each allows users to access a computer with ease and flexibility. While these offerings were designed originally for Mac OS X to access data, logs and virtual machines running within the Mac OS, the Forensic Edition for PCs will also work with MS Windows.
The Mac Marshal Forensic Edition software comes either on a disk or can be downloaded from the company's site and then installed onto the computer. This product allows the user to run on a Mac OS X 10.4 or later and Microsoft Windows XP or later. With this tool, one is able to examine the designated drive to a full extent. With the Forensic Edition, users are able to gather data from every Apple device connected to the computer being examined. When used on a Mac's features, the user is able to collect log information from the most common Mac apps, such as Safari, iChat, Mail and Address Book. This product provides a simple tool to access drives on a Mac or PC.
The other offering is Mac Marshal Field Edition. This iteration can be used on either a Mac or PC. The software comes on a flash drive and there is no installation to run on the computer. The Field Edition includes everything that the Forensic Edition bundle has, except that it is a live triage tool. Unlike the Forensic Edition, the Field Edition is able to be used on a computer without having to tamper with the unit. Other features of the Field Edition include physical memory acquisition and live-state acquisition tools, helping to preserve the computer data before creating an image. Both products allow for ease with navigation when viewing the chosen drive(s).
The support for each of the products is basic. Both include electronic manuals that offer a lay description of how to use the products. As for the website, there is not much instruction offered. The customer support is free for the first year, and is then 20 percent of the license price. The only type of support available is by email. We found this to be the major downside of the product itself. As a test, we emailed the support staff to see how responsive they were and were pleased to see that our inquiry was answered within 24 hours, and that their online support works standard business hours, five days a week.
Overall, this is a product that is worth investing in. It is easy to view a disk and gather data based on what is found. Both products are reasonably priced and worth every penny - with the caveat that the customer service is limited. However, that does not affect the value of the product itself. These tools are both useful in forensics on Macs and PCs, providing access to dual-boot Macs and common applications found on these types of operating systems. Mac Marshal Forensic and Field Edition are each a worthy investment for any forensics investigator.
[Editor's note] To help avoid confusion, there are four versions of this offering: a Mac version, a PC version, a Forensic Edition and a Field Edition. Mac works just with Mac. PC works just with PC. The other two work with both.
Sign up to our newsletters
SC Magazine Articles
- APT operation 'Double Tap' exploits serious Windows OLE bug
- 'DoubleDirect' MitM attack affects iOS, Android and OS X users
- Man gets 18 months in prison for accessing Subway POS devices, loading up gift cards
- The Internet of Things (IoT) will fail if security has no context
- Regin: nation-state possibly behind the stealthy modular spying malware
- Operators disable firewall features to increase network performance, survey finds
- DDoS attacks cost organizations $40,000 per hour, survey finds
- Waste no time patching Windows Schannel, OLE bugs, experts warn
- Study: 68 percent of healthcare breaches caused by loss or theft of devices, files
- Spin.com redirects to Rig Exploit Kit, infects users with malware, Symantec observes
- Syrian Electronic Army redirects Gigya, briefly compromises media sites on Thanksgiving Day
- Study: 'High priority' issues hamper endpoint security solution implementation
- Researchers identify POS malware targeting ticket machines, electronic kiosks
- Pirated Joomla, WordPress, Drupal themes and plugins contain CryptoPHP backdoor
- DDoS attacks grew in size, threats became more complex, Q3 reports say