please wait
 
close window
top menu - tab edge
Home      members Customer Portal     corporate Corporate     partners Partners
Partners
Testimonials
Reseller Application
Map and Directions
FAQ - LiveWire Investigator™

  1. What do I get with LiveWire?
  2. How does LiveWire connect to remote machines that are up and running?
  3. LiveWire won't connect with the machine I'm trying to investigate, what should I do?
  4. What if the machine I'm investigating doesn't have a password for the user account?
  5. What are the minimum system requirements for LiveWire to run?
  6. When acquiring a drive image, what format are the images stored in?
  7. When I click on the Launch LiveWire shortcut nothing happens, what should I do?
  8. What type of reporting does LiveWire provide throughout an investigation?
  9. I forgot my investigative and administrative password. How can I log into LiveWire?
  10. Does LiveWire have a way of remotely looking for malicious software on the target box?
  11. If I have multiple people that would like to use the tool do I need more than one license?
What do I get with LiveWire?
When you purchase LiveWire, you will receive an installation CD, an HPV required for use, and all user manuals and documentation on the installation CD.

 How does LiveWire connect to remote machines that are up and running?
 LiveWire utilizes administrative credentials to push transient utilities to the target boxes for the purpose of investigation.

LiveWire won't connect with the machine I'm trying to investigate, what should I do?
There are a few reasons this could be happening. First, make sure the machine is running and that you can ping the IP address or hostname of the target machine. Second, it is possible that a firewall is blocking the connection and a networking work around may be in order. Third, if the suspect's machine has a group policy restricting Remote Classical User Authentication, you will not be able to login to this machine remotely.

What if the machine I'm investigating doesn't have a password for the user account?
If the Security Policy that limits blank passwords is disabled, LiveWire will acquire the data without providing the password. If that account option is enabled, LiveWire will not establish a connection with the target machine.

What are the minimum system requirements for LiveWire to run?
LiveWire will run as long as the requirements below are fulfilled. When acquiring a drive image what format are the images stored in?
Both the Logical and Physical disk images are saved in DD format allowing easy integration into existing postmortem tools.

When I click on the Launch LiveWire shortcut nothing happens, what should I do?
If the browser doesn't automatically pop up, you can launch a web browser and type https://localhost to connect to LiveWire.

What type of reporting does LiveWire provide throughout an investigation?
LiveWire allows investigators to build custom reports as they investigate target boxes. At any point they may also add annotations explaining why they are adding content to the report. LiveWire creates an automatic inquiry log, which logs all actions the investigator performs on the target box, making it easy to show exactly what actions they have taken during their investigation.

I forgot my investigative and administrative password. How can I log into LiveWire?
You can delete the file passwd located in C:\LiveWire\OnlineDFS to set the machine back to the default account.

Does LiveWire have a way of remotely looking for malicious software on the target box?
Gargoyle Investigator has been integrated into LiveWire making it possible for investigators to scan for malware from within this tool.

If I have multiple people that would like to use the tool do I need more than one license?
LiveWire is designed so that multiple people can log into the tool and perform investigations; however it is limited to one person at a time.