Gargoyle Investigator Forensic Pro – Evaluation

I have just checked out an evaluation version of ‘Gargoyle Investigator Forensic Pro Edition’ by WetStone Technologies[1,2] .

What does it do?
The product has several databases of hashes (like Known File Filter (KFF) but for malicious software) of well known malicious software and the files associated with them. Depending on how many files it finds, and their risk factor, it will increase the confidence rating that the set of files that make up the program exist on the system. This causes a number of problems because some programs share dlls and semi-legit programs (i.e., UPX) therefore presenting the investigator with a few false-positives. This is expected from such a product and people should not complain. The developers on the other hand could help with a bit of innovation to present a filtering option. None the less with the current layout the investigator has to know and go through each false-positive to reach any good examples and conclusions.

I think this program should only be used in conjunction with any other forensic tool sets and antiviruses an investigator is using. If the investigator wants to find out what tool set or set of malicious software that had been installed on the scanned machine then they should use it.

I will not go into any more detail about the product as the basics can be found on the Ineternet and WetStone’s website[2].

Links Used:

[1] WetStone Technologies, Inc.- Gargoyle Investigator Forensic Pro Edition :,2

[2]WetStone Technologies, Inc.-

This entry was posted in Uncategorized. Bookmark the permalink.

6 Responses to Gargoyle Investigator Forensic Pro – Evaluation

  1. Viv says:

    Having used this tool during investigations, it was found that this tool does not support identification of any polymorphic programs such as the famous eblaster program. The famous keylogger Spectorsoft is based on this type of program. Wetstone’s response to not detecting these programs was not satisfactory, as it is marketing the tool as being able to detect any suspicious programs.
    Wetsone claimed that this is the only program Gargoyle could not deted, and offered an unsupported free beta program, AntiMorph, that could search for traces of the eblaster program. The program was unable to detect recent versions of spectorsoft.

  2. How to Get Six Pack Fast says:

    Hey, nice tips. I’ll buy a bottle of beer to the person from that chat who told me to visit your site 🙂

  3. this is a realy a help to my investigations but i want to have this software through net.

  4. JaneRadriges says:

    The article is ver good. Write please more

  5. body fat for six pack says:

    A lot of thanks for all of the work on this site.

    Kim takes pleasure in going through investigation and
    it is easy to see why. All of us notice all about the dynamic
    manner you present priceless tricks through this web blog and invigorate
    contribution from other ones on that topic so our own
    princess is certainly learning a whole lot. Enjoy the rest of the new year.
    You have been carrying out a dazzling job.

Leave a Reply

Your email address will not be published. Required fields are marked *