LiveDiscover Forensic Edition
Strengths: Easy-to-use tool with some nice information-gathering features
Weaknesses: Limited usefulness by itself - however, as part of an overall toolkit, it is indispensable
Verdict: Add this to Gargoyle, LiveWire and some of the other WetStone products for a solid kit supporting other larger-scale tools
SummaryWetStone's LiveDiscover is an interesting proposition. It is designed as a first step in locating target systems in large networks. LiveDiscover features the ability to run a discovery based on an
IP address or IP range to find information on systems such as the operating system, MAC address, host name, running services and many other useful pieces of information.
It can also map network segments and do some first-level vulnerability analysis.
This product is very simple to install and use. Installation is run as an msi file when the CD is loaded into the system. After a few minutes of setting up both the product and dongle drivers the program is ready to go.
To start an investigation, the user just follows a few simple steps from a wizard and LiveDiscover does the rest. Once the scan is complete, the investigator can go through the discovered nodes and easily find information.
From a performance standpoint, this is a great product. Because it only has a small network footprint, an investigation can take place without disrupting anything else. This solution goes beyond just servers and workstations; it can also forensically map switches, CD servers, jukeboxes and online storage. This provides the ability to get important information on almost any device running on the network.
The short PDF user guide illustrates product features by showing simple steps in running an investigation, starting from the discovery wizard through to viewing data and reports. The guide features many labelled screenshots and step-by-step instructions.
One year of product maintenance is included with the purchase price. WetStone also offers phone and email support, as well as a small help area on the website. This features an FAQ section and driver downloads for the dongle.
At a price just shy of £1,500, this product is good value for money. While it does have some very excellent features, it is intended only as a starting place for an investigation. Combine this with other Wetstone Technologies products for more complete forensic analysis or add to bigger-scope tools for additional capability.