Sunday, February 15, 2009

WebCase - Vere Software - Updated

I recently downloaded and spent some time running WebCase through its paces.

A couple of things you need to know right from the start: It will not run in a virtual machine. It will not install properly on Vista 32 unless you turn off User Account Control. It does not run on Vista 64 at all.

You definitely need to reboot after installation for it to hook up all of its DLLs and paths and database connections.

The software is designed to be an on-line investigative tool for anyone who conducts internet investigations, including undercover chats, web page and social media site investigations.

The software offers the ability to capture screens, video and IP addresses, do on-the-fly whois lookups, and provides undercover identity management as well as suspect information management.

While you can accomplish all of these things using discrete tools, WebCase brings them all together into a single, easy to use interface.

I was impressed with how easy the software is to use. It has a very short learning curve and even people who are not used to using computers could be trained to use this tool very quickly.

While the interface is a little clunky, it is easy to get used to.

You can view screenshots at the company's website here.

One of the things the program does is save the screen captures and video captures with an MD5 hash. I am not sure what purpose that really serves, since how would another party verify them?

I can just as easily do a manual screen capture using some other tool and then create an MD5 hash for it. Once again, it would not be verifiable by another party.

I originally wrote the above.  However, after thinking about it, the MD5 hash does serve the purpose of providing a way to see if what was captured had been modified after the capture.  Since the MD5 is embedded in the case data, it should be protected from tampering.  If that is the case, then the MD5 hash is a good idea and is useful.
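The reasoning above, as an added example (this is not WebCase's code, and its storage format is not described here): a digest recorded at capture time exposes a later change to a capture, but only while the record holding the digest is itself protected. The case layout, file names and the HMAC seal with a key kept outside the case data are assumptions made for illustration.

```python
import hashlib
import hmac
import json

def md5_hex(data: bytes) -> str:
    # MD5 because that is the digest the reviewed tool records.
    return hashlib.md5(data).hexdigest()

def seal(case: dict, key: bytes) -> str:
    """HMAC-SHA256 over the serialized case record (assumed protection;
    the key is held outside the case data)."""
    blob = json.dumps(case, sort_keys=True).encode()
    return hmac.new(key, blob, hashlib.sha256).hexdigest()

def check_digests(case: dict, files: dict) -> dict:
    """Compare each file with the digest recorded at capture time."""
    status = {}
    for name, recorded in case["captures"].items():
        data = files.get(name)
        if data is None:
            status[name] = "missing"
        else:
            status[name] = "ok" if md5_hex(data) == recorded else "modified"
    return status

def verify(case: dict, files: dict, key: bytes, tag: str) -> dict:
    """Trust the recorded digests only if the case record itself is intact."""
    if not hmac.compare_digest(seal(case, key), tag):
        return {"case_record": "tampered"}
    return check_digests(case, files)

def demo() -> dict:
    key = b"constructed-demo-key"  # constructed sample key
    files = {"chat_001.png": b"constructed screenshot bytes",
             "session.avi": b"constructed video bytes"}
    case = {"case_id": "DEMO-1",
            "captures": {n: md5_hex(d) for n, d in files.items()}}
    tag = seal(case, key)
    # 1) A capture is altered after the fact: the recorded digest exposes it.
    edited = {**files, "chat_001.png": b"edited screenshot bytes"}
    altered_file = verify(case, edited, key, tag)
    # 2) The file and its recorded digest are both rewritten: the digest
    #    comparison alone passes, the seal over the case record does not.
    forged = json.loads(json.dumps(case))
    forged["captures"]["chat_001.png"] = md5_hex(edited["chat_001.png"])
    return {"altered_file": altered_file,
            "digest_only": check_digests(forged, edited),
            "sealed": verify(forged, edited, key, tag)}

if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```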

The reporting feature for the program is very good on one hand and disappointing on another.

The program generates a very nicely formatted HTML report that you can burn directly from the report screen to CD/DVD.

That is the good news. The bad news is that you cannot print the report as a single operation, but have to print each page individually. The software is really designed to provide a CD/DVD based HTML web browser report.

Hopefully in future updates they will figure out how to produce a report in PDF or RTF format as a single operation.

The LE price is 595.00 and the Corporate price is 745.00.

Sadly, they have adopted the same practice as Guidance Software and many others where people like me have to pay a higher price than law enforcement. Like corporate customers have a magically higher budget than law enforcement agencies.
I personally dislike this two tier pricing model, but it seems that nearly everyone in the "forensics tool or training" business does it.

Overall it is a nice program with some cool features. I am not sure it is worth 745.00 to a corporate investigator.

I know I don't do enough on-line investigations to buy a tool this expensive when I already have the means to do all of this with other tools.

However, if you are LE and you do a lot of these types of investigations, and they do, then the price for them is a good deal.

Since I am doing a review, I guess I need to rate the software. So here goes:
Installation 9/10 (It needs to detect Vista 64 and refuse to install.)
Ease of Use 9/10 (Interface is a tad clunky in places.)
Learning Curve 9/10 (It really only takes a few minutes to get going with it.)
Reporting 6/10 (It needs to be able to print or export a report in one shot)
Value LE 8/10 (The price is a little high in my opinion.)
Value Corp 5/10 (Too expensive to buy as an additional tool.)

Overall 8/10 (For what it is designed to do, it does it well.)

Friday, February 6, 2009

Cyber Crime Investigations - Book Review



"Cyber Crime Investigations - Bridging the Gaps between Security Professionals and Law Enforcement and Prosecutors."

Anthony Reyes with Kevin O'Shea, Jim Steele, Jon R. Hansen, Captain Benjamin R. Jean and Thomas Ralph.

Cyber Crime Investigations gives the reader an overview of cyber crime investigations in language that everyone can understand. It is an enjoyable read if you are interested in computer forensics and cyber crimes from a law enforcement perspective.

Anthony and his co-authors do an excellent job of explaining investigative techniques, legal issues and the impact that IT departments and corporate management can have on an investigation.

The chapters on forming a working relationship between law enforcement and business management are especially important if you have an IT department and want to know how best to interact with the police.

The coverage of the legal issues is well done and should be studied by anyone who is working privately as an IT person or in computer support, to make sure that you do not get yourself into legal trouble when asked to participate in an internal investigation.

There is also good coverage of wireless communications and the issues of having a wireless network running that is unsecured.

With sage advice on preparing for testimony and working with prosecutors, Reyes does a good job of giving useful information on these topics. Bear in mind that this is strictly from a prosecutorial perspective.

The one failing of the book, and understandably so, is that it assumes that the defense will not be prepared to mount a technical defense when confronted by computer forensics evidence. While that is still the case in a lot of cases, the use of defense experts may change that in the future.

It is a worthwhile read and should be in the library of anyone who comes in contact with crimes involving computers and digital evidence.

Wednesday, February 4, 2009

What is this all about?

I decided to start this blog to do reviews of the tools and books out there to try and help out my fellow forensics people.

I am currently testing and will be posting a review shortly on several Voom Technologies products.

If you make software or hardware, or you have a book you want me to review, please contact me so we can make arrangements for you to provide a sample of the product for a limited time for me to test.

Chances are, I will also start talking about my reviews on my radio show in the future.