I have just checked out an evaluation version of ‘Gargoyle Investigator Forensic Pro Edition’ by WetStone Technologies[1,2].

What does it do?
The product ships with several hash databases of well-known malicious software and the files that make up each tool (the same idea as the Known File Filter (KFF), but listing known-bad files rather than known-good ones). The more of a tool's files it finds on the system, weighted by each file's risk factor, the higher the confidence rating it assigns that the tool is present. This produces a number of false positives, because some programs share DLLs and because semi-legitimate, dual-use programs (e.g., the UPX packer) are in the databases too. Some false positives are to be expected from a hash-based product and are not a reason to complain, but the developers could help with a little innovation by adding a filtering option. Nonetheless, with the current layout the investigator has to recognise and work through each false positive before reaching any genuine findings and conclusions.
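To make the scoring and the false-positive problem concrete, here is an added example (my own illustration, not Gargoyle's code and not WetStone's hash data). It assumes a hypothetical toolkit database keyed by SHA-256, with an integer risk weight per file, and a constructed set of files standing in for a scanned disk. A shared runtime DLL appears in three toolkits, so a kit whose only evidence is that DLL scores low and is exactly the kind of hit a filtering option should hide; the `dual_use` set shows how an analyst could also suppress a UPX-style kit that is legitimate in their environment.

```python
import hashlib
from collections import Counter
from dataclasses import dataclass

# Constructed sample "disk image": path -> file content. A real scan would walk
# a mounted image; the contents here are placeholders so the hashes are stable.
SAMPLE_FILES = {
    "C:/Tools/nc.exe": b"netcat binary (constructed)",
    "C:/Tools/upx.exe": b"upx packer (constructed)",
    "C:/Tools/msvcr71.dll": b"shared runtime dll (constructed)",
    "C:/Windows/System32/calc.exe": b"calculator (constructed)",
}


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Hypothetical toolkit hash database (not WetStone's data). Each toolkit maps
# file hash -> (file name, integer risk weight); a higher weight means the file
# is more specific to that toolkit. Integer weights keep the sums exact.
TOOLKIT_DB = {
    "netcat-backdoor-kit": {
        sha256(b"netcat binary (constructed)"): ("nc.exe", 10),
        sha256(b"shared runtime dll (constructed)"): ("msvcr71.dll", 2),
        sha256(b"persistence script (constructed, not on disk)"): ("run.bat", 6),
    },
    "upx-packer-kit": {
        sha256(b"upx packer (constructed)"): ("upx.exe", 5),
        sha256(b"shared runtime dll (constructed)"): ("msvcr71.dll", 2),
    },
    "keylogger-kit": {
        sha256(b"keylogger binary (constructed, not on disk)"): ("kl.exe", 10),
        sha256(b"shared runtime dll (constructed)"): ("msvcr71.dll", 2),
    },
}


@dataclass(frozen=True)
class Match:
    path: str      # where the file was found on the scanned system
    name: str      # name the toolkit database knows the file by
    risk: int      # risk weight from the database
    shared: bool   # True if more than one toolkit lists this hash


def scan(files: dict, db: dict) -> dict:
    """Hash every file once, then score each toolkit by the risk-weighted
    fraction of its files that are present. Returns kit -> (confidence, matches)."""
    present = {sha256(content): path for path, content in files.items()}
    # A hash listed by more than one toolkit (e.g. a shared DLL) is weak evidence.
    refcount = Counter(h for entries in db.values() for h in entries)
    report = {}
    for kit, entries in db.items():
        total = sum(risk for _, risk in entries.values())
        matches = [
            Match(present[h], name, risk, refcount[h] > 1)
            for h, (name, risk) in entries.items()
            if h in present
        ]
        confidence = round(sum(m.risk for m in matches) / total, 3) if total else 0.0
        report[kit] = (confidence, matches)
    return report


def filter_report(report: dict, min_confidence: float = 0.3,
                  dual_use: frozenset = frozenset()) -> dict:
    """The filtering option the review asks for: drop kits with no matches, kits
    whose only evidence is files shared with other kits, kits below the confidence
    threshold, and kits the analyst has marked as dual-use in this environment."""
    kept = {}
    for kit, (confidence, matches) in report.items():
        if not matches or all(m.shared for m in matches):
            continue
        if confidence < min_confidence or kit in dual_use:
            continue
        kept[kit] = (confidence, matches)
    return kept


if __name__ == "__main__":
    raw = scan(SAMPLE_FILES, TOOLKIT_DB)
    for kit, (confidence, matches) in raw.items():
        print(f"{kit}: confidence={confidence} matched={[m.name for m in matches]}")
    print("after filtering:", sorted(filter_report(raw, dual_use=frozenset({"upx-packer-kit"}))))
```

With these inputs the keylogger kit scores 2/12 on the strength of the shared DLL alone and is filtered out, the netcat kit keeps its hit on the unique `nc.exe`, and the UPX kit survives the generic filter but disappears once the analyst lists it as dual-use. The filter is deliberately a post-processing step over the raw report so the unfiltered evidence remains available for the case file.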

I think this program should only be used in conjunction with the other forensic tool sets and antivirus products an investigator is using. If the investigator wants to find out what tool set or malicious software has been installed on the scanned machine, then they should use it.

I will not go into any more detail about the product, as the basics can be found on the Internet and on WetStone’s website[2].

