Strengths: Very useful and time-saving tool for identifying virtually every type of rogue file or application. Cost-effective, good documentation and superior support
Weaknesses: Nothing that we could find in this test
Verdict: Our Best Buy for features, value, documentation and utility
It's got a really ugly logo but it performs beautifully. Gargoyle Investigator is a specialised tool that detects various types of rogue files forensically and builds a report on what it finds. The list of product types Gargoyle can identify is truly impressive. The total of 22 types covers more than 3,000 tools, including credit-card fraud programs, anti-forensics tools, keylogging tools, rootkits, spyware programs, viruses, Trojan horses and password-cracking tools.
Gargoyle can also import other hash sets. It works by comparing hashes of programs on the target computer with those in its reference hash sets. The process is reasonably fast and very thorough.
This product is not only an important addition to any forensic lab, it is an excellent assessment tool for use in compliance and vulnerability testing. While a few computer forensic tools offer the ability to import hash sets and perform comparisons, Gargoyle not only has the most complete set we have seen, it also enables you to import any standard set and does not require a full forensic analysis to identify rogue programs.
This product also comes with the most documentation, all complete on a 256MB USB thumb drive. The 59MB of PDF documents contains detailed descriptions of each provided hash set in addition to product documentation, as well as a guide to creating your own hash sets.
Gargoyle is simplicity itself to install and run. Its reporting is clean and the user interface is simple and solid. On our test disk, the product correctly identified known rogue files. However, because it is possible that files have been altered to fool this type of forensic tool, the product offers a probability rating for each discovered file. This allows the analyst to draw conclusions about the likelihood that the file actually is what Gargoyle thinks it is.
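The hash-set comparison described above, and the reason an altered file slips past an exact-hash match, can be seen in a short added example. This is not Gargoyle's code and does not reproduce its probability rating; the one-digest-per-line import format, the category names, the use of SHA-256 and the sample files are all constructed assumptions.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_file(path, chunk=65536):
    """Hash a file in chunks so large files do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def load_hash_set(text, category):
    """Parse an assumed import format: one hex digest per line, '#' comments."""
    entries = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip().lower()
        if len(line) == 64 and all(c in "0123456789abcdef" for c in line):
            entries[line] = category
    return entries

def scan(root, reference):
    """Return {relative path: category} for files whose hash is in the reference."""
    hits = {}
    for p in sorted(Path(root).rglob("*")):
        if p.is_file():
            category = reference.get(sha256_file(p))
            if category:
                hits[p.relative_to(root).as_posix()] = category
    return hits

def demo():
    """Constructed sample: two 'known' files, one altered copy, one benign file."""
    keylogger, cracker = b"constructed-keylogger-body", b"constructed-cracker-body"
    reference = load_hash_set(hashlib.sha256(keylogger).hexdigest(), "keylogger")
    # Importing a second set, as the review says the tool allows.
    reference.update(load_hash_set(
        "# imported set\n" + hashlib.sha256(cracker).hexdigest().upper() + "\n",
        "password cracker"))
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "bin").mkdir()
        (root / "bin" / "svc.exe").write_bytes(keylogger)
        (root / "tools.dat").write_bytes(cracker)
        (root / "altered.exe").write_bytes(keylogger + b"\x00")  # one byte appended
        (root / "notes.txt").write_bytes(b"benign")
        return scan(root, reference)

if __name__ == "__main__":
    for path, category in demo().items():
        print(f"{category:18} {path}")
```

The copy with one appended byte is not reported, which is why a clean result from exact hash matching does not by itself establish that a system is free of the catalogued tools.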
At £516, Gargoyle is a cost-effective product that will save lots of time and money, especially as an incident post-mortem tool for discovering rogue code present on computers in the impacted network. WetStone provides a year of support at no extra cost and charges 20 per cent a year after that.
We liked this product a lot and for its utility, value and ease of use we award it our Best Buy.