WetStone Technologies US-LATT
Strengths: Portable, easy to use, and powerful.
Weaknesses: No serious ones that we found.
Verdict: Excellent product for anyone in law enforcement and well worth considering in larger organizations that need to perform triage forensics. We make it our Recommended product this month.
On our first encounter with WetStone Technologies US-LATT, we studied the various manuals and articles, as well as the WetStone website, to gain an understanding of the product. US-LATT is a live acquisition and triage tool generally used by law enforcement to investigate suspect computers quickly, providing these agencies and first-responders the ability to collect evidence otherwise lost during "pull-the-plug" investigations.
The package includes a 32GB USB device, which has three necessary steps prior to implementation on a suspect system. The first step is to enter investigator information. Next, the USB is configured to the search parameters needed to acquire volatile and stateful evidence. The USB then loads the configuration settings. After these three steps, the USB is ready to be inserted in the suspect devices.
This particular package feels relatively basic, but the tool is highly portable and very easy to use. We found the thumb drive an excellent approach given its portability and straightforward plug-and-play. This system is cooperative and rapid to apply in the field once the configuration utility is completed. The fastest way to deploy the utility is to download and place the installer on a disc. Once the utility was installed, we encountered a series of error messages, giving the impression that the program was not fully compatible with the system. However, after ignoring the error messages, the utility worked well. We credit our virtual lab setup as a contributor to the bogus errors. Follow-up validation revealed no damage to our data and the results from the tools were consistent and what we expected.
Actual data acquisition time was not very long and results were quickly presented. This is where US-LATT showed its prowess, regardless of its simplistic feel. US-LATT's portability gives investigators the ability to analyze multiple systems at one time. This is an especially nice feature when investigating large organizations whose network may include many suspect computers. The product has some problems with compatibility on much older systems, but for most organizations that should not be a barrier to its use. US-LATT relies - correctly for the most part - on the fact that most suspects will have relatively recent versions of Windows operating systems.
US-LATT features a one-year maintenance package with Wetstone's typically strong 24-hour support. Customer assistance is also available by email. Documentation is easy to follow and read. The manual is also in PDF form, and certain terms can be searched for, which allows quick referencing. The system utility allows quick erase of imported data, which we like. However, while this is convenient for removing unwanted information easily, without access controls there is, of course, the danger of losing something important.
WetStone Technologies is under contract with the National Institute of Justice (NIJ), which enables US-LATT to be free for state and local law enforcement. This is an impressive benefit. The basic price of US-LATT for other purchasers is $1,495, with free, one-year product maintenance included in the initial purchase. Beyond that first year, renewal is $299. The website also offers online training for $500.