WetStone Technologies Gargoyle Investigator
Strengths: Very useful and time-saving tool for identifying virtually every type of rogue file or application. Cost-effective, good documentation and superior support.
Weaknesses: Nothing that we could find.
Verdict: We award Gargoyle our Best Buy for features, value, documentation and utility.
It’s got a really ugly logo, but it performs beautifully. Gargoyle Investigator Forensic Pro Edition is a specialized tool for detecting various types of rogue files forensically and building a report on what it finds.
The list of product types that Gargoyle can identify is truly impressive. It includes anti-forensics tools, credit card fraud programs, keylogging tools, rootkits, spyware programs, viruses, trojan horses and password cracking tools, among a total of 22 types that cover over 3,000 individual tools.
Gargoyle also can import other hash sets, such as the master set from the National Software Reference Library (NSRL) at NIST. That disk, a DVD full of hash sets, is provided with the product along with the normally included Gargoyle sets. Gargoyle works by comparing hashes of programs on the target computer with the hashes in its reference hash sets. The process is reasonably fast and very thorough.
This product is not only an important addition to any forensic lab, it is also an excellent assessment tool for use in compliance and vulnerability testing.
This product also gets the "most documentation" award. It comes complete with its full documentation set on a 256MB USB thumb drive. The 59MB of PDF documents contain detailed descriptions of each hash set, in addition to product documentation.
Gargoyle is simplicity itself to install and run. Its reporting is clean and the user interface is simple and solid. On our test disk, the product correctly identified known rogue files. However, because it is possible that files have been altered to fool this type of forensic tool, the product offers a probability rating for each discovered file.
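The hash-set comparison described above, and the reason altered files need a separate rating, can be sketched in a few lines. This is an added example, not Gargoyle's code: the use of SHA-256, the `keylogger` category name and the three sample files are assumptions constructed for illustration.

```python
import hashlib
import os
import tempfile

def sha256_file(path, chunk=1 << 16):
    """Hash a file in chunks so large evidence files do not fill memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def build_index(hash_sets):
    """Invert {category: [hex digests]} into {digest: category}."""
    return {d.lower(): cat for cat, ds in hash_sets.items() for d in ds}

def scan(root, rogue_index, known_good=frozenset()):
    """Return (hits, unknown): hits are (relative path, category) pairs."""
    hits, unknown = [], 0
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue  # skip links and special files
            try:
                digest = sha256_file(path)
            except OSError:
                continue  # unreadable file: a real tool would log this
            if digest in known_good:
                continue  # known-good reference set filters benign files
            category = rogue_index.get(digest)
            if category:
                hits.append((os.path.relpath(path, root), category))
            else:
                unknown += 1  # matches neither set: needs other analysis
    return sorted(hits), unknown

def demo():
    """Constructed sample data: three small files in a temporary directory."""
    rogue = b"constructed stand-in for a keylogger binary"
    benign = b"constructed stand-in for a stock OS utility"
    files = {"kl.bin": rogue, "util.bin": benign, "kl_altered.bin": rogue + b"\x00"}
    index = build_index({"keylogger": [hashlib.sha256(rogue).hexdigest()]})
    good = {hashlib.sha256(benign).hexdigest()}
    with tempfile.TemporaryDirectory() as root:
        for name, data in files.items():
            with open(os.path.join(root, name), "wb") as f:
                f.write(data)
        return scan(root, index, good)

if __name__ == "__main__":
    print(demo())
```

The unmodified file is reported under its category, the known-good file is filtered out, and the one-byte-altered copy lands in the unknown count, which is the gap an exact-hash comparison leaves for other analysis to cover.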
At $995, Gargoyle is a cost-effective product that will save lots of time and money, especially as an incident post mortem tool for discovering rogue code present on computers in the impacted network. WetStone provides a year of support at no extra cost and charges 20 percent per year after that for full support and upgrades.
We liked this product a lot, and for its utility, value and ease of use we award it our Best Buy.