FAQ - Gargoyle Investigator™ Enterprise Module
- What is Gargoyle Investigator™ Enterprise Module (GEM)?
- What do I receive with the purchase of GEM?
- How often are the Gargoyle datasets updated?
- How do I renew my product?
- What is included in the annual maintenance contract?
- From an investigative machine, how many targets can I simultaneously investigate?
- Does GEM require remote agent installation on the target machines, and what tracks are left behind?
- How does GEM connect to the remote machines under investigation?
- What are the Load List and Save List options on the file menu used for?
- When GEM completes, how can I view the investigative report?
- How do I learn how to use GEM in an investigation?
- Do I need to purchase Gargoyle Investigator™ Forensic Pro Edition separately to do the malware analysis?
- How do I update the malware datasets, and how often are updates available?
- None of my questions are answered, what should I do?
What is Gargoyle Investigator™ Enterprise Module (GEM)?
As malicious code and contraband continue to proliferate, our ability to execute on-demand enterprise discovery operations quickly, accurately and efficiently is vital. In addition, when important corporate files and other intellectual property may have leaked onto the desktops of unauthorized users, we must be able to identify and mitigate these potential breaches immediately. GEM provides a vital tool for on-demand enterprise discovery of such malware, contraband and intellectual property.
What do I receive with the purchase of GEM?
The purchase of GEM includes access to our 24/7 customer support portal, where the license can be downloaded directly to the platform you wish to use to support GEM. With the purchase of GEM, a free year of product maintenance and dataset updates is provided.
How often are the Gargoyle datasets updated?
Gargoyle datasets are continually being updated. A minimum of 12 releases per year is guaranteed to those who have an active annual maintenance contract.
How do I renew my product?
There is an annual maintenance contract for the Gargoyle Investigator product line. You will be notified by our maintenance specialist that your subscription is due. If you do not renew, after 60 days your account will start to accrue daily reinstatement fees that will ultimately result in you paying full price for the license.
What is included in the annual maintenance contract?
The annual maintenance contract includes product feature updates, dataset updates and email technical support using firstname.lastname@example.org. Also included is access to our online 24/7 Customer Support Portal, where you can download the latest versions of the software, view FAQs and have direct access to pertinent product information.
From an investigative machine, how many targets can I simultaneously investigate?
There is no limit on the number of scans or endpoints.
Does GEM require remote agent installation on the target machines, and what tracks are left behind?
GEM utilizes real-time pushed agents, which do not require pre-installation. GEM transmits the agent on the fly, making covert investigations easier. From a forensic tracking perspective, no files are left behind, but the event log will indicate an administrative login.
How does GEM connect to the remote machines under investigation?
For a successful connection to occur, administrative credentials are required. The credentials used to authenticate can be either local or domain accounts. At the traffic level, RPC is used as the underlying transport.
What are the Load List and Save List options on the file menu used for?
The Save List allows investigators to save favorite or consistently used machines for later use. This may represent a subnet, division, or an entire branch within an office. The Load List is a time-saving option that eliminates the need to re-enter an already investigated machine.
When GEM completes, how can I view the investigative report?
If GEM finds any malicious software, the hostname or IP address used will be flagged with a different color to indicate malicious software was found. Right-click on any of the flagged machines and select the View Report option.
How do I learn how to use GEM in an investigation?
The first step would be to look at the user's manual provided with GEM under the resources tab on the customer support portal; however, we do offer additional training that will show proper use of the tools in multiple environments. For more information on the training class, contact email@example.com.
Do I need to purchase Gargoyle Investigator™ Forensic Pro Edition separately to do the malware analysis?
No, GEM now includes a copy.
How do I update the malware datasets, and how often are updates available?
When you purchase GEM, you will receive a login to the 24/7 customer support portal where updates are provided. Once a month WetStone releases a dataset update, and users simply log onto the site and download the .cab file containing the datasets. Once it is downloaded, users will need to navigate within GEM to the update menu, select "update datasets" and then select the downloaded .cab file.
None of my questions are answered, what should I do?
If you are a current customer with an active maintenance contract, you should first refer to the GEM user's manual. If that does not answer your questions, contact WetStone support at firstname.lastname@example.org. If you are not a customer or no longer have an active maintenance contract, please contact us at email@example.com.