Join Us!

MacForensicsLab Fie...
 
Notifications
Clear all

MacForensicsLab Field Agent  

  RSS
neddy
(@neddy)
Active Member

Has anyone tried this yet?

http//www.macforensicslab.com/ProductsAndServices/index.php?main_page=product_info&cPath=12&products_id=277

Quote
Posted : 19/09/2009 1:09 am
zbrojovka
(@zbrojovka)
New Member

Just downloaded it yesterday and got my key to activate. Haven't tried it yet either, but I'm sure I'll get to next week.

ReplyQuote
Posted : 19/09/2009 1:58 am
seanmcl
(@seanmcl)
Senior Member

Another Law Enforcement Only product. Don't these guys realize that the private sector frequently needs to scan for the same things and that most non-LE products which detect suspect files through skin tone or other analysis end up altering MAC times?

I had a case a few months back where the FBI requested that an organization do its own enterprise scan or hire the services of an outside agent to do it. Their counsel retained us and as we were concerned with preserving any information which might be needed, forensically, we ended up borrowing their licensed software to do it.

It would have been much easier if we could have licensed it, ourselves, as this isn't the first case that we've had involving such a scan.

ReplyQuote
Posted : 19/09/2009 3:50 am
neddy
(@neddy)
Active Member

Restricting products to LE agencies only, seems to the private sector, to be both unfair and unneccessary. I can see why the private sector maintains this opinion but since LE is a huge player in the market, it makes sense for a vendor to apply the restriction in order to appear to LE agencies to be 'pro LE'.
LE do not like the general community to have access to their methods and tools and go to great lengths in restricting this information in order to thwart 'anti-forensic' activities.
You may ask, is this unfair and unneccessary? I would say it is not but I do have sympathy for those who have a need for such products and are denied them.

ReplyQuote
Posted : 27/09/2009 4:51 am
code_slave
(@code_slave)
Member

Another "realbasic" product.
To be in complete control of a computer you need to be in C++
I used to develop with real basic , but it was so damned full of bugs i gave up.

It makes me really really unhappy to see forensic products written in basic.

I actually got the demo version and started 'taking it apart' some time ago, I can say I was NOT impressed.

http//reverse.put.as/2008/12/03/searching-for-a-pace-interlok-protected-application/

http//www.macupdate.com/info.php/id/21046/macforensicslab

QUOTE

"IRONMAN $ 1000 for a little real basic application is just stealing money from people stay away from it

Then they got REAL defensive

SUBROSASOFT MacForensicsLab offers a complete forensic suite for just a small portion of what other companies charge for their forensic products. MacForensicsLab offers many features you won't find in any other forensic product. Skin tone filtering, credit card & social security number filtering, remote SQL reporting allowing multiple investigators to work on the same case simultaneously, powerful reporting, and many others.

I don't understand how you can review our product without ever trying it (we have never issued you a demo serial number). "

END QUOTE

Personally I like to see independent validation of such software, something they are not happy doing.

ReplyQuote
Posted : 04/10/2009 4:35 am
BattleSpeed
(@battlespeed)
Junior Member

To paraphrase Ronald Reagan - "Trust, but verify - and do it before you buy."

Forums such as this one should spell doom for inferior and/or overpriced products by exposing their defects, inferior design and/or critical limitations.

ReplyQuote
Posted : 28/10/2009 6:23 am
jwulff
(@jwulff)
New Member

Another Law Enforcement Only product.

Not true. It is free to Law Enforcement but non-LE can purchase if for $19.95.

ReplyQuote
Posted : 06/11/2009 5:19 pm
seanmcl
(@seanmcl)
Senior Member

Another Law Enforcement Only product.

Not true. It is free to Law Enforcement but non-LE can purchase if for $19.95.

When it was first announced in September, there was no mention of a distribution for non-LE in SubRosa Softs press releases. Either that was an oversight or they have updated their licensing practice.

ReplyQuote
Posted : 06/11/2009 5:47 pm
Jonathan
(@jonathan)
Senior Member

it makes sense for a vendor to apply the restriction in order to appear to LE agencies to be 'pro LE'.

In a fact-seeking exercise such as forensics for a tool or a vendor of a tool to be 'pro' one side or the other wouldn't look too good in court.

LE do not like the general community to have access to their methods and tools and go to great lengths in restricting this information in order to thwart 'anti-forensic' activities.

Possibly but that would be counter to Principle 3 of the ACPO guidelines. It would be difficult for an independent third-party to recreate the same results without access to either the tools or methodology used to create the results in the first place.

ReplyQuote
Posted : 06/11/2009 5:59 pm
seanmcl
(@seanmcl)
Senior Member

Possibly but that would be counter to Principle 3 of the ACPO guidelines. It would be difficult for an independent third-party to recreate the same results without access to either the tools or methodology used to create the results in the first place.

I would think that in the US it would violate the confrontation clause of the Sixth Amendment.

ReplyQuote
Posted : 06/11/2009 8:12 pm
kovar
(@kovar)
Senior Member

Greetings,

One way around this is to offer tools free or at low cost to LE and at very high price points to the private sector. End result is that LE is still the primary user.

There's also the issue that many of these "LE only" tools end up in private sector hands due to connections. Hardly a level corporate playing field, but that's not surprising.

-David

ReplyQuote
Posted : 06/11/2009 8:43 pm
seanmcl
(@seanmcl)
Senior Member

There's also the issue that many of these "LE only" tools end up in private sector hands due to connections. Hardly a level corporate playing field, but that's not surprising.

I had that very thing happen in a case that I was working on. The other side, a fairly well known digital forensics firm had access to tools from CMU (Aperio) which was restricted to LE. Part of the problem occurs when LE officers leave for the private sector and take the tools with them.

I suppose that I could have challenged the admission of the evidence on the grounds that it was obtained via software that was unlicensed but as it helped my client, that would have been shooting myself in the foot.

ReplyQuote
Posted : 06/11/2009 9:19 pm
Share: