Wetstone Gargoyle Investigator
Summary
Wetstone Technologies offers a great suite of forensic tools, so it's difficult to settle on just one. However, the Gargoyle Investigator made it to this list because it is very good at something at which most forensic tools are not quite so good: finding evidence of malware, but not just your average virus or trojan. Wetstone takes a pretty broad view of malware.
Gargoyle Investigator looks for evidence of typical malware, and it also looks for evidence of such things as password crackers, P2P programs, piracy tools, spyware, botnets and anti-forensics, to name just a few. Many forensic tools have some ability to find typical malware. However, nothing we have encountered has the breadth and depth of Gargoyle.
Usually when one is analyzing a victim computer for what attacked it, one is stuck with looking for the obvious. When the attack is subtle or when the target computer has not obviously been damaged, Gargoyle shines. It can find the residue of an attack, pinpoint it and allow the investigator the latitude to investigate further.
This can be especially useful when looking for non-obvious attackers, such as trojans and botnets. Malware that plants a listener and then destroys itself is especially hard to find. The listener wakes up periodically, harvests some desired information, such as credit card numbers, phones home, dumps its load of data and goes back to sleep. Searching for that bot is a job for Gargoyle.
The company does not do the obvious in forensic tools. Therefore, it does not compete head-on with the other big shooters in the digital forensic world. Rather, it opts to cover areas of forensic investigation that are not obvious. No matter what tool you are using, there likely is a Wetstone product that will leverage and add value to your investigation.