Gargoyle Forensic Pro???  

kevinspoon
(@kevinspoon)
New Member

Any thoughts? I have this and am ready to break it out. Wetstone has just come out with a newer version I plan on grabbing today. Has anyone used this in their investigations?

Posted : 05/06/2009 6:22 pm
seanmcl
(@seanmcl)
Senior Member

I have used it and depending upon the kind of work that you do, it can either make your job easier or more difficult.

Gargoyle looks for the files and other artifacts associated with various exploits. What it returns are a couple of values such as whether the file has been positively identified, the ratio of the number of files found for a given exploit to the total number of files associated with that exploit, and what you might consider a confidence level, i.e., how likely is it that the given exploit is/was on the device.

The problem (if you can call it that), is that there are many false positives which need to be reviewed by hand in order to determine if they are indicative of an exploit or associated with legitimate software.

In most cases where I have used it, I have used it to exclude the possibility of a malware defense/excuse since it can detect evidence of exploits even after they have been cleared.

Posted : 05/06/2009 7:04 pm
Igor_Michailov
(@igor_michailov)
Senior Member

Does anyone use Gargoyle Investigator Forensic Pro?

I want to ask some questions about it.

Posted : 04/08/2015 10:17 pm