We were able to fool GEM in a few different ways. First, we deleted the steganography files to see if GEM would detect the deleted files. It did not. We were also able to create a false positive by plugging our thumb drive into a Mac, which created the .Trashes directory. GEM detected this as a wireless utility. Finally, we were able to get false negatives by using utilities to embed a text file into a bitmap and a JPEG inside another JPEG. GEM did not flag either file as containing steganography. GEM did, however, detect the presence of the HXDEF100 rootkit sitting inside a ZIP file on the flash drive.
The help files included with the product are about as good as any we have seen. The initial help guide covers every option for how the utility works. The help file even includes information on how to use popular forensic software packages, like EnCase and AccessData, to create hash file sets, which can then be used to search for new bad files by matching their hashes.
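As an added illustration (not from the review and not Gargoyle's own code), the sketch below shows generic hash-set matching over a drive, including ZIP members. It assumes SHA-256 and uses constructed sample bytes and file names; under pure hash matching, a listed file inside a ZIP matches, while a deleted file or listed bytes wrapped in a carrier file does not.

```python
import hashlib
import tempfile
import zipfile
from pathlib import Path


def sha256(data):
    return hashlib.sha256(data).hexdigest()


def scan(root, bad):
    """Return (location, label) for each file or ZIP member whose hash is in `bad`."""
    hits = []
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        rel = path.relative_to(root).as_posix()
        digest = sha256(path.read_bytes())
        if digest in bad:
            hits.append((rel, bad[digest]))
        if zipfile.is_zipfile(path):
            # Hash each archive member as if it were a file on the drive.
            with zipfile.ZipFile(path) as zf:
                for info in zf.infolist():
                    if info.is_dir():
                        continue
                    digest = sha256(zf.read(info))
                    if digest in bad:
                        hits.append((rel + "!" + info.filename, bad[digest]))
    return hits


def demo():
    # Constructed stand-ins; none of these bytes come from a real tool or image.
    tool = b"constructed stand-in for a listed binary"
    note = b"constructed stand-in for a listed text file"
    bad = {sha256(tool): "listed tool", sha256(note): "listed document"}
    with tempfile.TemporaryDirectory() as tmp:
        drive = Path(tmp)
        with zipfile.ZipFile(drive / "archive.zip", "w") as zf:
            zf.writestr("tools/tool.exe", tool)   # listed file inside a ZIP
        (drive / "copy.exe").write_bytes(tool)    # listed file stored as-is
        # Listed bytes wrapped in a carrier: the whole-file hash is not in the set.
        (drive / "photo.bmp").write_bytes(b"constructed image bytes" + note)
        (drive / "gone.exe").write_bytes(tool)
        (drive / "gone.exe").unlink()             # deleted: never enumerated
        return scan(drive, bad)


if __name__ == "__main__":
    for location, label in demo():
        print(location, "->", label)
```

Catching the two misses takes different techniques from hash lookup: carving unallocated space for deleted files, and content analysis of carrier files.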
The pricing for Gargoyle Investigator Enterprise starts at $1,995, which is at the lower end of the price spectrum, making its value for the money high.