Strengths: Searches fast and well
Weaknesses: Some gaps remain through which malware can still slip past the product
Verdict: A unique product that can be used to search for some of the most difficult-to-find malware. We rate this product Recommended
Summary: Feature-rich is the first phrase that comes to mind when using the Gargoyle Investigator Enterprise. The functionality it provides is different from any other utility in this review or which we have seen on the market. The solution scans a drive, a network path or an image for many types of malware, in fact, for all types of malware we can think of.
This includes anti-forensics, exploit scanners, password crackers, steganography, botnets, file splitters, remote access, toolkits, credit-card fraud, gaming, rootkits, Trojans, denial of service, keyloggers, packet sniffers, wireless detection utilities, encryption, peer-to-peer tools and spyware.
Gargoyle Investigator Enterprise allows the investigator to select the major categories (up to 30) to search for in the source media.
We were able to fool the product in a few different ways. First, we deleted the steganography files to see if Gargoyle Investigator Enterprise would detect the deleted files. In this case it did not.
We were also able to create a false positive by sticking our thumb drive into a Mac machine which created the .Trashes directory. Gargoyle detected this as a wireless utility.
Finally, we were able to get a false negative by using the jphide and the S-Tools 4 utilities to embed a text file into a bitmap and a jpeg inside another jpeg respectively. Both files were missed as having steganography.
The product did, however, detect the presence of the hxdef100 rootkit sitting inside a zip file on the flash drive.
The provided help files are about as good as any we have seen. The initial help guide covers the usage and every option for how the utility works.
The documentation even includes information on how to use popular forensic software packages such as EnCase and AccessData to create hash file sets that can be used to search for newly identified bad files by their hashes.
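As an added illustration of the hash-set search the documentation describes (this is not Gargoyle's, EnCase's or AccessData's own code), the Python scanner below hashes every file under a directory and also the members of zip archives, which is what catching the review's hxdef100-in-a-zip case requires. The sample files and the hash set are constructed for the demo; note that deleted files, the first case the review tested, are invisible to this kind of file-system walk and need unallocated-space carving instead.

```python
import hashlib
import os
import tempfile
import zipfile


def sha256_bytes(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def scan_tree(root, bad_hashes, max_zip_member=50 * 1024 * 1024):
    """Walk a directory, hash every live file, and also hash the members of
    zip archives so a known tool hidden in an archive is still matched.
    Returns a list of (path, sha256) hits. Deleted files never appear here."""
    hits = []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                data = fh.read()  # whole-file read; fine for a demo tree
            digest = sha256_bytes(data)
            if digest in bad_hashes:
                hits.append((path, digest))
            if zipfile.is_zipfile(path):
                with zipfile.ZipFile(path) as zf:
                    for info in zf.infolist():
                        # skip directory entries and oversized members (zip-bomb guard)
                        if info.is_dir() or info.file_size > max_zip_member:
                            continue
                        member_digest = sha256_bytes(zf.read(info))
                        if member_digest in bad_hashes:
                            hits.append((f"{path}!{info.filename}", member_digest))
    return hits


def build_demo_tree(root):
    """Constructed fixture: a benign file, a stand-in 'bad' file, and the same
    bad content nested inside a zip. Returns the hash set to search for."""
    bad = b"constructed stand-in for a known-bad tool binary\n"
    with open(os.path.join(root, "notes.txt"), "wb") as f:
        f.write(b"harmless text\n")
    with open(os.path.join(root, "tool.exe"), "wb") as f:
        f.write(bad)
    with zipfile.ZipFile(os.path.join(root, "archive.zip"), "w") as zf:
        zf.writestr("nested/tool.exe", bad)
    return {sha256_bytes(bad)}


def demo():
    """Build the fixture, scan it, and return the hit paths relative to root."""
    with tempfile.TemporaryDirectory() as root:
        hits = scan_tree(root, build_demo_tree(root))
        return sorted(p[len(root) + 1:] for p, _ in hits)
```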
At £1,450, the pricing for Gargoyle Investigator Enterprise is at the lower end of the price spectrum making it excellent value for money.