

Gargoyle Investigator™ Windows Forensic Edition (G-FE) is based on the award-winning computer forensics software Gargoyle Investigator™ Forensic Pro. G-FE is fully integrated into a LiveCD environment of Windows known as Windows® FE. This portable edition of Windows can be run anywhere and provides a completely self-contained environment separate from any suspect file system. This allows investigators to conduct rapid triage on the scene without risk of compromising evidence. Because it is lightweight, G-FE processes files quickly and efficiently and returns results in an easy-to-read report for quick analysis.

Key Features:
Unchanged access times (boots in read only)
Reports sent to configurable IP address
Command line
Windows FE platform
20 datasets containing over 10,000 types of malicious software
Detailed forensic evidence reports with secure source timestamping
Ability to scan within archive files (.zip, .rar, .jar, .bh, .arj, .lha, .lzh, .tar, .war, .enc, .bz2)
License:
Single user license


Is Gargoyle court approved?
Gargoyle has been taken to court and used for several cases. With its easy-to-read, timestamped HTML reports, Gargoyle provides detailed evidence that is court ready.

What is malware detection?
Gargoyle quickly and easily determines whether malware is present on a system under investigation. Malware, short for malicious software, is designed to wreak havoc, hide potentially incriminating information, and/or disrupt or damage computer systems. Gargoyle employs custom datasets containing thousands of malware signatures. Because the search looks for the individual files associated with a particular program, it is possible to find remnants even if the program has been deleted.

What can be identified?
Gargoyle provides the investigator with the ability to glean important suspect characteristics from the information revealed. The computer sophistication, covert behaviors, and paranoia levels (has the suspect tried to delete incriminating programs?) can all be derived when searching for applications with a common theme. These behaviors can assist in assessing suspect capability, activities, intent, threat or "consciousness of guilt".
  
What is a dataset?
A dataset is simply a collection of malware applications and files, organized into a relational database. The database is formatted similarly to the NSRL distributions. One dataset (database file) is created for each malware category.
Separate datasets can be created for various classifications of malware (e.g. steganography software, vulnerability assessment tools, network sniffers, port scanners, hacker tools, password cracking tools, Denial of Service tools, etc.). Additional datasets are released on a monthly basis.
  
What is included in the package?
G-FE is delivered on a bootable CD. Software maintenance and dataset subscriptions are sold separately.