LiveWire Investigator v3.1.1C
April 01, 2007
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: Easy to use, lots of live analysis functions and very well documented
- Weaknesses: The jury is still out on live forensics and, in certain circumstances, this tool may be challenging to defend in court since it does not use an agent
- Verdict: Very powerful tool for analysing computers without taking them offline
Live forensics is an emerging field and, although there are a lot of good reasons to use it, there are still caveats. Two other products in this group test perform live forensics, both of which use agents on the target machines to minimise interaction with the computer itself. LiveWire performs an extensive suite of forensic tests on remote running systems, but does not implant an agent on the target.
There are arguments on both sides. On the agent side, the advantage is that the agent communicates with the investigator, not the target computer, so there is virtually no forensic interference with the target machine. The disadvantage is that only machines with implanted agents can be analysed.
LiveWire gets around both these issues by not implanting agents. Instead, it simply logs into the target and analyses it while keeping meticulous logs of each activity for comparison with the target's logs or forensic evidence. Again, however, the emphasis is less on court presentation and more on discovery, compliance and incident management. With LiveWire, operational needs come first and forensic purity is secondary. In many cases this is congruent with corporate goals during an incident.
We found LiveWire very easy to use. It is extremely well documented, with a user's guide and a 900-page manual rich in detail. As a means of capturing volatile data on a remote machine, this is a first-rate product. It does not, however, allow remote imaging. Its purpose is aligned more with collecting operating states and locating important investigatory data from the target. This enables critical systems to continue to operate during an investigation and reveals activity on the target as it is happening.
We anticipate using LiveWire to monitor PCs under test in the lab to determine their behaviour while they are being scanned and undergoing penetration testing. For that and for its utility, we award LiveWire Investigator our Approved for SC Labs rating. Priced at £4,665 including first-year support, we find the cost of ownership at the low end of the price spectrum, especially since the licence is for an unlimited number of target machines.