WetStone Technologies: A division of Allen Corporation

Unfortunately, our new website relies on browser features that are not available in older versions of Internet Explorer. As Microsoft has officially stopped supporting these browsers, we have chosen to do the same. Instead, we recommend that you upgrade Internet Explorer if you are running Windows 7, 8, or 10, or that you download a newer browser, like Mozilla Firefox or Google Chrome.

We at WetStone Technologies thank you for your interest and your patience.

WetStone Technologies, A Division of Allen Corporation

WetStone Technologies: A division of Allen Corporation
WetStone Technologies: A division of Allen Corporation

Gargoyle Investigator™

Gargoyle Investigator Datasheet
Gargoyle Investigator Datasheet (Spanish)

Gargoyle Investigator is an advanced malware discovery solution for computer forensic investigators. It is designed for forensic laboratories, law enforcement, field investigators and advanced private investigators. Gargoyle performs a rapid search of malicious applications using file hash analysis and provides significant clues regarding suspect activities, motives and intent. Gargoyle Investigator is designed to simplify your breach and malware triage investigation and incident response activities. Gargoyle enables users to perform a rapid search for known contraband, hostile programs and lost or leaked corporate assets. Investigators have the ability to glean information regarding activities, motives and intent of suspects or potential insiders.

Understanding the impact of malicious code is essential when conducting cybercrime investigations -whether it is the discovery of anti-forensics tools, botnets, trojans, keyloggers, mobile malware or a host of other malicious applications. Assessing the intent, sophistication, capabilities and communications of cyber criminals requires a comprehensive tool such as Gargoyle Investigator. Our unique search methods provide fast scanning and identification, significantly decreasing the time investigators spend on each case.

Gargoyle Investigator is designed to also work with EnCase by Guidance Software and the Forensic Toolkit (FTK), by AccessData, and other forensic workbench applications in order to streamline the tools required to perform investigations on live machines or forensic images. Users can utilize a WetStone Technologies-provided EnScript inside EnCase in order to create a hash file of all files present on an image, which can then be used for advanced malware discovery using Gargoyle Investigator.

Features of Gargoyle Investigator:

  • Advanced malware discovery
  • Used by forensic labs, law enforcement, field investigators and private investigators
  • Rapid search of malicious applications
  • Comprehensive reporting
  • Compatible with a variety of Windows desktop platforms:
    • Windows 2000
    • Windows 2000
    • Windows XP
    • Windows Vista
    • Windows 7
    • Windows 8
    • Windows 8.1
    • Windows 10
  • Compatible with a variety of Windows Server platforms:
    • Windows Server 2003
    • Windows Server 2008 and 2008 R2
    • Windows Server 2012 and 2012 R2
    • Windows Server 2016

What types of programs can
Gargoyle Investigator detect?

WetStone technologies searches for and maintains a malware repository for each of the following program categories:

  • Anti-forensics
  • Botnet
  • Cryptojacking
  • Cryptomining
  • Denial of service
  • Encryption
  • Exploit scanner
  • Fraud tools
  • Keylogger
  • Password cracking
  • Peer-to-peer
  • Piracy
  • Ransomware
  • Remote access
  • Rootkit
  • Scareware
  • Sniffer
  • Spyware
  • Toolkit
  • Trojan
  • Web threats
  • Wireless tools


  • Your choice of either Electronic Software Download (ESD) or FLASH license type (USB device) for Gargoyle Investigator
  • Access to monthly Dataset updates
  • Customer support portal account
  • 1-year customer support

Licensing Types

  • ESD: Electronic software download for use on a single system. Not transferable.
  • FLASH: 8GB encrypted USB device equipped with 256-bit AES Encryption for use in the field and on multiple systems and operating systems.