Cyber Security Technologies Mac Marshal
May 01, 2013
Cyber Security Technologies, IncProduct:
Mac Marshal Forensic Edition for Macs: $995; for PCs: $795; Bundle: $1,395; Field Edition: $1,795.
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: These products make it easy to investigate a Mac, dual-boot or virtualized OS running on the Mac.
- Weaknesses: There is little documentation with the product or on the website to help users get started.
- Verdict: This set of products allows users to engage all features with ease when working in a Mac or hybrid Mac/PC environment.
Both Mac Marshal Forensic Edition and Field Edition provide user-friendly forensic tool kits. Each allows users to access a computer with ease and flexibility. While these offerings were designed originally for Mac OS X to access data, logs and virtual machines running within the Mac OS, the Forensic Edition for PCs will also work with MS Windows.
The Mac Marshal Forensic Edition software comes either on a disk or can be downloaded from the company's site and then installed onto the computer. This product allows the user to run on a Mac OS X 10.4 or later and Microsoft Windows XP or later. With this tool, one is able to examine the designated drive to a full extent. With the Forensic Edition, users are able to gather data from every Apple device connected to the computer being examined. When used on a Mac's features, the user is able to collect log information from the most common Mac apps, such as Safari, iChat, Mail and Address Book. This product provides a simple tool to access drives on a Mac or PC.
The other offering is Mac Marshal Field Edition. This iteration can be used on either a Mac or PC. The software comes on a flash drive and there is no installation to run on the computer. The Field Edition includes everything that the Forensic Edition bundle has, except that it is a live triage tool. Unlike the Forensic Edition, the Field Edition is able to be used on a computer without having to tamper with the unit. Other features of the Field Edition include physical memory acquisition and live-state acquisition tools, helping to preserve the computer data before creating an image. Both products allow for ease with navigation when viewing the chosen drive(s).
The support for each of the products is basic. Both include electronic manuals that offer a lay description of how to use the products. As for the website, there is not much instruction offered. The customer support is free for the first year, and is then 20 percent of the license price. The only type of support available is by email. We found this to be the major downside of the product itself. As a test, we emailed the support staff to see how responsive they were and were pleased to see that our inquiry was answered within 24 hours, and that their online support works standard business hours, five days a week.
Overall, this is a product that is worth investing in. It is easy to view a disk and gather data based on what is found. Both products are reasonably priced and worth every penny - with the caveat that the customer service is limited. However, that does not affect the value of the product itself. These tools are both useful in forensics on Macs and PCs, providing access to dual-boot Macs and common applications found on these types of operating systems. Mac Marshal Forensic and Field Edition are each a worthy investment for any forensics investigator.
[Editor's note] To help avoid confusion, there are four versions of this offering: a Mac version, a PC version, a Forensic Edition and a Field Edition. Mac works just with Mac. PC works just with PC. The other two work with both.
Sign up to our newsletters
SC Magazine Articles
- Impact of Linux bug 'grinch' spans servers, workstations, Android devices and more
- House, in rush vote, passes Intelligence Authorization Act
- More than 100K WordPress sites compromised by malware due to plugin vulnerability
- U.S. accounts for most Mac OS X attacks and websites seeded with malware
- Audit shows University of Maryland security flaws remain
- Critical 'Misfortune Cookie' bug puts millions of internet-connected routers at risk
- Securing the enterprise with the five W's of access
- Exploits, mobile and cloud storage threats will plague users in 2015
- 2015 trends to watch: Data destruction, endpoint intelligence and user behavior analytics
- Former employees sue Sony, theaters drop 'The Interview'