In terms of an action plan per se I think something along the following may be a good start
Contact each vendor that uses a dongle and gather their requirements for dongle usages. Then ask them if they'd be willing to work on a shared dongle with other vendors. Then ask them if they'd be willing to have a discussion with the other vendors. Let them hash out the *real* requirements and hope they can play nice in the same sandbox…
Or, a third party could independently work with each vendor to develop a unversal dongle, and market it as such.
A wallet is a great idea! I've resorted to using a lanyard with all of them attached but it definitely has issues, like being annoying when I'm in a hurry.
Phew !!!!!
Not just me then.
EnCase I think has it personally A1 re Dongles.
Netanalysis has it personally A1 without dongles.
so do we force everyone to go as NA or do we say to EnCase can we share ya dongle !!!
Mitch
encase, x-ways, ftk, virtual forensics computing.. hey where are my free usb slots 😉
Hogfly,
Contact each vendor that uses a dongle and gather their requirements for dongle usages. Then ask them if they'd be willing to work on a shared dongle with other vendors. Then ask them if they'd be willing to have a discussion with the other vendors. Let them hash out the *real* requirements and hope they can play nice in the same sandbox…
Please share with the group what your results are…
Thanks!
I wear both user and developer hats so can see both sides of the problem.
All of my software at the moment uses a software key which simply displays the registered user name in the program title bar. This relies on a certain amount of trust and an assumption that users actually care if a colleague sees that they are using software licenced to someone else.
This is clearly open to abuse though and I know of one UK force that purchase a single licence and most of the officers in the unit used it. This was brought to my attention by one of the managers in the unit with a promise to purchase the additional licences – but it never happened.
I have some new software which will be more expensive and will probably be dongle protected.
Regarding working together there are a number of issues, some technical some monetary.
On a technical level access to the dongle (at least to the dongle I use) is via a single 32 but vendor token – If I were to share a token with another vendor then I as a vendor would get access to all of their software. There is a facility to save encrypted data to a dongle but that uses what are very sparse resources very quickly.
Probably the biggest issue though is one of cost – cost of development time (the negotiations would probably take for ever also) and cost of replacing the existing dongles wit the new shared one.
And finally you have pit all your eggs in one basket – if the dongle goes tits up you lose all your forensic software and no more running FTK on one machine while running encase on another.
I like the way Paraben handles this with Device Seizure-you have the option of a dongle or a key file. You can get the key file for two machines, one lab and one mobile, just copy it and go-no dongle. I believe with their dongle you can use any machine, the key file is hardware specific. So if you need portability between multiple machines you can choose the dongle, if you are chained to one or two machines, you can go dongleless.
The important thing is YOU get the choice.
Joe
Oooh, don't get me started on dongles. I've recently had some very cathartic rants about them on two other forensic forums, and I don't think the community could handle another. You know it's gone too far when a mere licence dongle feels the need to run as a service and hog a drive letter.
Suffice to say that I have started to believe that Guidance and Accessdata are in league with an international criminal/terrorist conspiracy to ensure that the world's forensic examiners are too busy sorting out obstructive licencing issues to be able to do any actual forensics.
jmech - interesting that Paraben seem to be more flexible now. Our unit gave up on them after the dog's breakfast that was Email Examiner's licening system. Pity, it was a nifty little app.
Ben,
I don't know about their other software licensing, the only software of theirs I use is DS. I hope if they don't use it for the others, they will soon.
Joe
Oooh, don't get me started on dongles. I've recently had some very cathartic rants about them on two other forensic forums, and I don't think the community could handle another. You know it's gone too far when a mere licence dongle feels the need to run as a service and hog a drive letter.
Go Ben Go Ben !!!!! D
Can anyone cite a case in which it was established that a dongle was compromised or circumvented? The Codemeter was promoted as making a product more secure. While I appreciate the fact that a publisher must safeguard it's property, I don't appreciate having to pay an extra $50 to help them along. It becomes even more onerous given the issues with WIBU products. I had pitched my Paraben products when using the dongle became so troublesome, before they apparently revised their licensing scheme. Infinadyne has imporoved with respect to its dongle, though it is a WIBU. Earlier, I had to call support every time I tried to open the application. For me, the bottom line is that every dongle should be plug-n-play, like XWF's, or show me a case in which such a dongle has failed.