WetStone Technologies

Unfortunately, our new website relies on browser features that are not available in older versions of Internet Explorer. As Microsoft has officially stopped supporting these browsers, we have chosen to do the same. Instead, we recommend that you upgrade Internet Explorer if you are running Windows 7, 8, or 10, or that you download a newer browser, like Mozilla Firefox or Google Chrome.

We at WetStone Technologies thank you for your interest and your patience.

WetStone Technologies,
a Division of SiviSoft

WetStone Technologies: A division of Allen Corporation
WetStone Technologies: A division of Allen Corporation

Gargoyle Investigator™ MP
DFIR Tool for Advanced Malware Detection


Gargoyle Investigator MP Datasheet


  • Advanced malware discovery
  • Used by forensic labs, law enforcement, field investigators, private investigators, and incident response teams
  • Rapid search of malicious applications
  • Comprehensive reporting

GET A FREE TRIAL


Gargoyle Investigator™ MP is the next generation of WetStone’s advanced malware discovery solution for computer forensic investigators and incident response teams. It is designed for forensic laboratories, law enforcement, field investigators, advanced private investigators, and enterprise cyber security personnel. Gargoyle performs a rapid search for malicious applications and provides significant clues regarding the activities, motives and intent of a suspect.

Gargoyle Investigator™ MP takes everything that its current users know and love about Gargoyle Investigator and improves upon it. Its new, modern codebase, faster scan times, and improved archive and file format processing make Gargoyle Investigator™ MP a great improvement over the previous generation of Gargoyle Investigator™.

Gargoyle MP is designed to simplify your breach and malware triage investigation and incident response activities. Gargoyle MP enables users to perform a rapid search for known contraband, hostile programs and lost or leaked corporate assets.

Understanding the impact of malicious code is essential when conducting cyber crime investigations, whether it is the discovery of botnets, trojans, anti-forensics, mobile malware or a host of other malicious applications. Accessing the full intent, sophistication, capabilities and communications of cyber criminals requires a complete understanding of what is in play.

Gargoyle MP is designed to integrate with EnCase by Guidance Software and AccessData’s Forensic Toolkit (FTK) to streamline the process of performing investigations on live machines or forensic images. Users can utilize a WetStone Technologies-provided EnScript inside EnCase in order to create a hash file of all files present on an image. This hash file can then be used for advanced malware discovery using Gargoyle MP.

Gargoyle MP provides comprehensive reporting in both HTML and CSV formats for use as digital evidence. Reports are generated in HTML format for an at-a-glance understanding of the threats identified on a system. Within the HTML report program detections are classified by program category, with a comprehensive table of pertinent information provided for each detected file. Gargoyle also produces a CSV report, with all the same detection data, for use in parsing engines or other custom applications.

Gargoyle MP also gives users the option to generate a case file at the time of the scan. When selected, the program will generate a CSV file in the same format as the WetStone EnScript file. This gives the user the ability to re-scan a system later in the future.


FEATURES OF GARGOYLE INVESTIGATOR™ MP


  • Advanced malware discovery
  • Used by forensic labs, law enforcement, field investigators, private investigators, and incident response teams
  • Rapid search of malicious applications
  • Comprehensive reporting
  • Compatible with a variety of Windows desktop platforms:
    • Windows 7
    • Windows 8
    • Windows 8.1
    • Windows 10
  • Compatible with a variety of Windows Server platforms:
    • Windows Server 2008 and 2008 R2
    • Windows Server 2012 and 2012 R2
    • Windows Server 2016

WHAT TYPES OF PROGRAMS CAN GARGOYLE MP DETECT?


WetStone Technologies searches for and maintains a malware repository for each of the following program categories:

  • Anti-forensics
  • Botnet
  • Cryptojacking
  • Cryptomining
  • Denial of service
  • Encryption
  • Exploit Kit
  • Exploit scanner
  • Fraud tools
  • Keylogger
  • OSINT
  • Password cracking
  • Peer-to-peer
  • Piracy
  • Ransomware
  • Remote access
  • Rootkit
  • Scareware
  • Sniffer
  • Spyware
  • Toolkit
  • Trojan
  • Web threats
  • Wireless tools

INTEGRATIONS


Gargoyle has the ability to scan comma separated value files, commonly referred to as CSV files of MD5 Hashes. The format of the file is both simple and strict. This allows Gargoyle to scan hash results for malicious code or cyber weapons from virtually any forensic collection platform.

Gargoyle currently integrates with the following platforms:

Encase® Forensic by Guidance Software
WetStone includes an EnScript with Gargoyle Investigator MP. The EnScript will export a hash file from EnCase that will be formatted as comma-delimited file that has the hash file field definitions Gargoyle can scan.

Forensic Explorer by GetData
WetStone allows for an export file from Forensic Explorer to be selected in the hash file section of the user interface of Gargoyle. Gargoyle will then automatically format the data into the hash file field definitions Gargoyle recognizes before it scans the file.


DELIVERABLE


  • Your choice of either Electronic Software Download (ESD) or FLASH license type (USB device) for Gargoyle MP
  • Access to monthly Dataset updates
  • Customer support portal account
  • 1-year software maintenance

LICENSING TYPES


  • ESD: Electronic software download for use on a single system.Available as a perpetual or subscription license. Not transferable. Basic license is 2 cores, additional core licensing available.
  • FLASH: 16GB USB 3.0 device for use in field investigations, and on multiple systems. Limited to 2 cores.

GET A FREE TRIAL