P2 Enterprise Shuttle
Strengths: An interesting implementation of an over-the-network computer forensics and incident management tool, very good security
Weaknesses: Unnecessarily complicated to deploy and support, lacks some needed features, very poor documentation
Verdict: An average entry in this class
The P2 Enterprise Shuttle is a tool that accesses computers remotely over the network and allows the user to perform a suite of forensic tests. The components use Star Trek terminology, including the Shuttle (the overall product) and the Captain (the management console). In addition, you will need the proxy, the server, and crew agents for the PCs under examination.
To use the Shuttle, you deploy agents on those computers on the network to which you want forensic access. The agents and the Captains (there can be more than one) communicate through the proxy, which provides security for the connection. Both exchange data with the server, which provides centralised authentication to the other elements and constitutes the core control, storage and analysis component of the system.
We found the product to be unnecessarily complicated to deploy and manage. On a large network, we would expect this level of complexity to require significant administration, and performance is likely to suffer because of the multiple components that need to interact. The user interface on the Captain is about what one would expect for this type of computer forensic software.
Although it was a bit tricky getting the entire system up and running, we were pleased to see many of the capabilities that we have come to expect from an over-the-network forensic tool. For example, we could capture running processes, open ports and open network sessions. File acquisition over the network performed acceptably, and functions such as the data view performed as we expected.
The system is designed for a Windows environment, which is somewhat limiting. Although the advertised purpose for the P2 Enterprise Shuttle is proactive forensics, there is no scripting language that allows real-time acquisition of data. That means being proactive requires human interaction.
We found the documentation seriously lacking in the details necessary to understand and use the system. There is no index and no table of contents.
Although the price is somewhat lower than its nearest competitor, this product requires two servers and either MS SQL Server or MySQL. The overall cost of ownership is, at best, average.