FAQ - Gargoyle Investigator™ Enterprise Module
- What is Gargoyle Investigator™ Enterprise Module (GEM)?
- What do I receive with the purchase of GEM?
- How do I install GEM on my investigative machine and get working immediately?
- From an investigative machine, how many targets can I simultaneously investigate?
- Does GEM require remote agent installation on the target machines, and what tracks are left behind?
- How does GEM connect to the remote machines under investigation?
- How do I resolve the following error messages, "No HPV token was found." "Please insert the appropriate HPV token."?
- How do I configure GEM to scan for malicious software?
- What are the Load List and Save List options on the file menu used for?
- When GEM completes, how can I view the investigative report?
- How do I learn how to use GEM in an investigation?
- Do I need to purchase Gargoyle Investigator™ Forensic Pro Edition separately to do the malware analysis?
- How do I update the malware datasets, and how often are updates available?
- None of my questions are answered, what should I do?
What is Gargoyle Investigator™ Enterprise Module (GEM)?
Gargoyle Investigator™ Enterprise Module (GEM) is an enterprise forensic tool designed to search for malicious software on remote targets. GEM collects hashes from remote systems and stores them, with their associated modified, accessed, and created times, in an XML file. When hashing completes, the file is sent back to the investigative machine, analyzed against the award-winning Gargoyle Investigator™ Forensic Pro Edition datasets, and a report is generated automatically.
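The collect-hash-and-compare workflow described above, shown as an added example that is not GEM's own code or WetStone's XML format: files under a directory are hashed, each record is stored with its modified/accessed/created times in an XML document, and the document is then checked against a constructed known-bad hash dataset. The XML element names, the `hash,name` dataset line format and the sample files are all assumptions made for this illustration.

```python
import hashlib
import os
import tempfile
import xml.etree.ElementTree as ET
from datetime import datetime, timezone


def hash_file(path, algorithm="sha256"):
    """Hash a file in 64 KiB chunks so large binaries do not need to fit in memory."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def _iso(ts):
    # Timestamps are normalised to UTC so reports from different hosts line up.
    return datetime.fromtimestamp(ts, tz=timezone.utc).isoformat()


def collect_hashes(root, host="example-host", algorithm="sha256"):
    """Walk `root`, hash every regular file and record its MAC times.

    Returns the XML root Element (schema is an assumption, not GEM's format).
    Note: st_ctime is the creation time on Windows but the inode change time
    on Linux/macOS, so the 'created' attribute is only creation time on Windows.
    """
    scan = ET.Element("scan", host=host, algorithm=algorithm)
    for dirpath, _, filenames in os.walk(root):
        for name in sorted(filenames):
            path = os.path.join(dirpath, name)
            try:
                st = os.stat(path)
                digest = hash_file(path, algorithm)
            except OSError:
                continue  # unreadable or vanished file: skip rather than abort the scan
            ET.SubElement(scan, "file", path=path, hash=digest,
                          modified=_iso(st.st_mtime),
                          accessed=_iso(st.st_atime),
                          created=_iso(st.st_ctime))
    return scan


def load_dataset(lines):
    """Parse constructed dataset lines of the form '<hash>,<name>' into a dict.

    Hashes are lower-cased so matching is case-insensitive; '#' lines are comments.
    """
    dataset = {}
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, name = line.partition(",")
        dataset[digest.strip().lower()] = name.strip()
    return dataset


def analyze(xml_text, dataset):
    """Return (path, dataset name, modified time) for every file whose hash is known-bad."""
    root = ET.fromstring(xml_text)
    hits = []
    for f in root.iter("file"):
        name = dataset.get(f.get("hash", "").lower())
        if name:
            hits.append((f.get("path"), name, f.get("modified")))
    return hits


def demo():
    """Build a constructed sample tree and dataset, run the pipeline, return matches by basename."""
    with tempfile.TemporaryDirectory() as tmp:
        bad = os.path.join(tmp, "suspect.bin")
        good = os.path.join(tmp, "readme.txt")
        with open(bad, "wb") as f:
            f.write(b"CONSTRUCTED_MALICIOUS_SAMPLE")  # constructed content, not real malware
        with open(good, "wb") as f:
            f.write(b"hello")
        dataset = load_dataset([
            "# constructed dataset for the example",
            hashlib.sha256(b"CONSTRUCTED_MALICIOUS_SAMPLE").hexdigest()
            + ",Example.Trojan.Constructed",
        ])
        xml_text = ET.tostring(collect_hashes(tmp), encoding="unicode")
        return [(os.path.basename(p), n) for p, n, _ in analyze(xml_text, dataset)]


if __name__ == "__main__":
    print(demo())
```

Serialising the scan to XML before analysis mirrors the division of labour in the FAQ: the hashing side only needs read access and a hash function, while the dataset lookup happens on the investigative machine, so the dataset never has to be shipped to the target.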
What do I receive with the purchase of GEM?
The purchase of GEM includes an installation CD and a licensed HASP token. With each purchase of GEM, a free year of product maintenance is provided.
How do I install GEM on my investigative machine and get working immediately?
When you run the installation CD provided with GEM, it installs the program to C:\Program Files\WetStone Technologies\Gargoyle\. A shortcut is also placed in your Windows Start menu under Programs, making it easily accessible.
From an investigative machine, how many targets can I simultaneously investigate?
Depending on the size and topology of the network, GEM is offered at multiple license points so investigators can efficiently scan the appropriate network. Licenses are available at 10, 25, 50 and 100; if you need to scan more machines, multiple licenses can be purchased.
Does GEM require remote agent installation on the target machines, and what tracks are left behind?
GEM uses real-time pushed agents, which do not require pre-installation. GEM transmits the agent on the fly, making covert investigations easier. From a forensic-tracking perspective, no files are left behind, but the event log will record an administrative login.
How does GEM connect to the remote machines under investigation?
For a successful connection, administrative credentials are required. The credentials used to authenticate can be either local or domain accounts. At the traffic level, RPC is the underlying transport.
How do I resolve the following error messages, "No HPV token was found." "Please insert the appropriate HPV token."?
This means the HPV HASP token required by GEM is not inserted. Plug in the HPV token and restart the application. If that still does not work, the drivers may not be installed correctly and must be reinstalled: locate the HASPUSERSETUP.exe program on the WetStone website or in the root of the GEM installation CD.
How do I configure GEM to scan for malicious software?
From the main GEM interface, open the Configuration tab and make sure the Discovery Only option is not checked. Then click the Dataset Selection tab and select all the datasets you wish to include in your investigation.
What are the Load List and Save List options on the file menu used for?
Save List lets investigators save favorite or frequently used machines for later use; a saved list may represent a subnet, a division, or an entire branch office. Load List is a time-saving option that eliminates the need to re-enter machines that have already been investigated.
When GEM completes, how can I view the investigative report?
If GEM finds any malicious software, the hostname or IP address is flagged in a different color to indicate that malicious software was found. Right-click any flagged machine and choose View Report.
How do I learn how to use GEM in an investigation?
The first step is to read the user's manual provided with GEM; however, we also offer a four-day class that shows proper use of the tools in multiple environments. For more information on the training class, contact sales@wetstonetech.com.
Do I need to purchase Gargoyle Investigator™ Forensic Pro Edition separately to do the malware analysis?
No. GEM now includes a copy regardless of which license point you purchase.
How do I update the malware datasets, and how often are updates available?
When you purchase GEM you receive a login to the update site. WetStone releases a dataset update once a month; log into the site, download the zip file containing the datasets, and extract it into the GEM installation directory, C:\Program Files\WetStone Technologies\Gargoyle.
None of my questions are answered, what should I do?
First, check the GEM User's Manual if you're a customer, and if that doesn't answer your questions, contact WetStone support at support@wetstonetech.com. If you are not a customer, contact us at 1-877-WETSTONE ext. 2 or sales@wetstonetech.com.