Gargoyle Forensic Pro???
Any thoughts? I have this and am ready to break it out. Wetstone has just come out with a newer version I plan on grabbing today. Has anyone used this in their investigations?
I have used it and depending upon the kind of work that you do, it can either make your job easier or more difficult.
Gargoyle looks for the files and other artifacts associated with various exploits. What it returns are a couple of values such as whether the file has been positiive identified, the ratio of the number of files found for given exploit to the total number of files associated with that exploit, and what you might consider a confidence level, i.e., how likely is it that the given exploit is/was on the device.
The problem (if you can call it that), is that there are many false positives which need to be reviewed by hand in order to determine if they are indicative of an exploit or associated with legitimate software.
In most cases where I have used it, I have used it to exclude the possibility of a malware defense/excuse since it can detect evidence of exploits even after they have been cleared.
Does anyone use Gargoyle Investigator Forensic Pro?
I want ask some questions about it.