P2 Enterprise Shuttle
April 01, 2007
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: An interesting implementation of an over-the-network computer forensics and incident management tool, very good security
- Weaknesses: Unnecessarily complicated to deploy and support, lacks some needed features, very poor documentation
- Verdict: An average entry in this class
The P2 Enterprise Shuttle is a tool that accesses computers remotely over the network and allows the user to perform a suite of forensic tests. The components use Star Trek terminology including the Shuttle (the overall product) and the Captain (the management console). In addition, you will need the proxy, the server, and crew agents for the PCs under examination.
To use the Shuttle, you deploy agents on those computers on the network to which you want forensic access. The agents and the Captains (there can be more than one) communicate through the proxy, which provides security for the connection. Both exchange data with the server, which provides centralised authentication to the other elements and constitutes the core control, storage and analysis component of the system.
We found the product to be unnecessarily complicated to deploy and manage. On a large network we would expect this level of complexity to require significant administration and performance is likely to suffer due to the multiple components that need to interact. The user interface on the Captain is about what one would expect for this type of computer forensic software.
Although it was a bit tricky getting the entire system up and running, we were pleased to see many of the capabilities that we have come to expect from an over-the-network forensic tool. For example, we could capture running processes, open ports and open network sessions. File acquisition over the network performed acceptably and the functions such as the data view performed as we expected.
The system is designed for a Windows environment, which is somewhat limiting. Although the advertised purpose for the P2 Enterprise Shuttle is proactive forensics, there is no scripting language that allows real-time acquisition of data. That means being proactive requires human interaction.
We found the documentation seriously lacking in details necessary to understand and use the system. There is no index and no table of contents.
Although the price is somewhat lower than its nearest competitor, this product requires two servers and either MS SQL Server or MySQL. The overall cost of ownership is, at best, average.
SC Webcasts UK
Information Security Manager
Infosec People - Hammersmith, West London
Interim CISO (Chief Information Security Officer) - Cyber Security Director
CYBER EXECS - London (Central), London (Greater)
Junior Penetration Tester, Hertfordshire, to £35k + benefits
Infosec People - England, Hertfordshire
Cyber Security Architect
CYBER EXECS - London (Greater)
SOC Analyst, Aldershot, £47-56k + package
Infosec People - Hampshire, England, Aldershot
Sign up to our newsletters
SC Magazine UK Articles
- Tesco Bank allegedly ignored warnings of hack from Visa
- Investigatory Powers and Digital Economy Bills could threaten economy
- Updated: A million German routers knocked offline by failed Mirai botnet attack
- Gooligan ad fraud malware infects 1.3M Android users, installs over 2M unwanted apps
- Microsoft update left Azure Linux virtual machines open to hacking
- SC Awards Europe 2016 winners announcements!
- ISIS radicalises 'lone wolves' through strong social media presence
- Updated: How will Brexit affect the cyber-security industry in UK and Europe?
- 9.2 million medical records for sale on darkweb
- Microsoft Office 365 hit with massive Cerber ransomware attack, report
- Russian intelligence claims to bust up pending banking cyber-attack
- Presidential commission calls for collaborative action to combat cyber-threats
- Russia's banks will be hacked today, apparently
- Met Police grab suspect with phone unlocked to get hold of data
- Researchers hack Visa cards in six seconds