Investigator™ Forensic Pro
call for US Law Enforcement and Education discounts
to conduct scans on a stand-alone system or network
resource for known contraband and hostile programs
datasets containing over 10,000 types of malicious
Creator™-ability to create or extend datasets
with popular forensic tools such as EnCase™ and FTK™
and 64-Bit drive mounting and management integration
forensic evidence reports with secure source
to scan within archive files (.zip, .rar, .jar, .bh, .arj,
.lha, .lzh, .tar, .war, .enc, .bz2)
MB free disk space
III 1GHz processor
licenses are available upon request
Modules available to simultaneously scan suspects up
to 100 systems
What is Gargoyle Investigator?
Gargoyle Investigator is an invaluable software tool for digital
investigations. When performing incident response, digital
forensic analysis, threat management, or compliance audits,
Gargoyle Investigator performs a quick search for known
contraband, hostile, or 'bad' programs, and provides significant
clues regarding the activities, motives and the intent of
suspects or potential suspects.
Investigator Forensic Pro is fast and easy to use. It provides
investigators with valuable information regarding the contents
of a suspect's computer along with essential information about
its owner's computer use. Once files are identified, Gargoyle also
maps the detected files to the associated cyber weapons and
classifies them into a category of malware. With the ability to
identify potentially hostile or suspicious programs based on the
loaded dataset, to classify those hostile programs, and to view
the suspect from a new aspect while ascertaining incriminating
behaviors or methods, this becomes a core tool for your
investigation.
Is Gargoyle court approved?
Gargoyle has been taken to court and used for several cases. With
its easy-to-read, timestamped HTML reports, Gargoyle provides
detailed evidence that is court ready.
What is malware detection?
Gargoyle quickly and easily determines whether malware is
present on a system under investigation. Malware, short for
malicious software, is designed to wreak havoc, hide potentially
incriminating information, and/or disrupt or damage computer
systems. Gargoyle employs custom datasets containing thousands
of malware software signatures. Because the search is done for
the individual files associated with a particular program, it is
possible to find remnants even if the program has been deleted.
What can be identified?
Gargoyle provides the investigator with the ability to glean
important suspect characteristics from the information revealed.
The computer sophistication, covert behaviors, and paranoia
levels (has the suspect tried to delete incriminating programs?)
can all be derived when searching for applications with a common
theme. These behaviors can assist in assessing suspect
capability, activities, intent, threat or "consciousness of
What is a dataset?
A dataset is simply a collection of malware applications and
files, organized into a relational database. The database is
formatted similarly to the NSRL distributions. One dataset
(database file) is created for each malware category.
datasets can be created for various classifications of malware
(e.g. steganography software, vulnerability assessment tools,
network sniffers, port scanners, hacker tools, password cracking
tools, Denial of Service tools, etc.). Additional datasets are
released on a monthly basis.
What is included in the package?
Gargoyle Forensic Pro is designed for forensic investigators,
examiners, law enforcement personnel, private investigators, and
forensic lab use. The Forensic Pro version includes all the
malware datasets, Dataset Creator, Dataset Converter, embedded
drive mounting software to mount EnCase, dd, raw, ISO and
SafeBack images, and detailed forensic evidence reports, with
1 year of software maintenance and dataset updates.