Sunday, February 15, 2009

WebCase - Vere Software - Updated

I recently downloaded and spent some time running WebCase through its paces.

A couple of things you need to know right from the start: It will not run in a virtual machine. It will not install properly on Vista 32 unless you turn off User Access Control. It does not run on Vista 64 at all.

You definitely need to re-boot after installation for it to hook up all of it's DLLs and paths and database connections.

The software is designed to be an on-line investigative tool for anyone who conducts internet investigations, including undercover chats, web page and social media site investigations.

The software offers the ability to capture screens, capture video, IP addresses, do on the fly whois lookups and and provides undercover identity management as well as suspect information management.

While you can accomplish all of these things using discrete tools, WebCase brings them all together into a single, easy to use interface.

I was impressed with how easy the software is to use. It has a very short learning curve and even people who are not used to using computers could be trained to use this tool very quickly.

While the interface is a little clunky, it is easy to get used to.

You can view screenshots at the company's website here.

One of the things the program does is save the screen captures and video captures with an MD5 hash. I am not sure what purpose that really serves, since how would another party verify them?

I can just as easily do a manual screen capture using some other tool and then create an MD5 hash for it. Once again, it would not be verifiable by another party.

I originally wrote the above.  However, after thinking about it, the MD5 hash does serve the purpose of providing a way to see if what was captured had been modified after the capture.  Since the MD5 is embedded in the case data, it should be protected from tampering.  If that is the case, then the MD5 hash is a good idea and is useful.

The reporting feature for the program is very good on one hand and disappointing on another.

The program generates a very nicely formatted HTML report that you can burn directly from the report screen to CD/DVD.

That is the good news. The bad news is that you cannot print the report as a single operation, but have to print each page individually. The software is really designed to provide a CD/DVD based HTML web browser report.

Hopefully in future updates they will figure out how to produce a report in PDF or RTF format as a single operation.

The LE price is 595.00 and the Corporate price is 745.00.

Sadly, they have adopted the same practice as Guidance Software and many others where people like me have to pay a higher price than law enforcement. Like corporate customers have a magically higher budget than law enforcement agencies.
I personally dislike this two tier pricing model, but it seems that nearly everyone in the "forensics tool or training" business does it.

Overall it is a nice program with some cool features. I am not sure it is worth 745.00 to a corporate investigator.

I know I don't do enough on-line investigations to buy a tool this expensive when I already have the means to do all of this with other tools.

However, if you are LE and you do a lot of these types of investigations, and they do, then the price for them is a good deal.

Since I am doing a review, I guess I need to rate the software. So here goes:
Installation 9/10 (It needs to detect Vista 64 and refuse to install.)
Ease of Use 9/10 (Interface is a tad clunky in places.)
Learning Curve 9/10 (It really only takes a few minutes to get going with it.)
Reporting 6/10 (It needs to be able to print or export a report in one shot)
Value LE 8/10 (The price is a little high in my opinion.)
Value Corp 5/10 (Too expensive to buy as an additional tool.)

Overall 8/10 (For what it is designed to do, it does it well.)

1 comment:

Todd Shipley said...

Larry,

Thanks for the positive review of WebCase®. We are very proud of WebCase® and how it has matured as an investigative tool. Certainly there are always things for improvement.

I would like to address some of your comments to ensure you and your readers understand why we built WebCase the way we did.

Shutting down UAC before installation: The architecture that Microsoft uses to secure Windows Vista, doesn't allow some applications requiring admin approval to run when UAC is turned on. WebCase® uses a process recorder to log the TCP/IP traffic of the user. This tool requires access to a low level on the machine to record this traffic. The UAC blocks this access.

Won’t run in a virtual environment: As documented in our FAQ, WebCase’s security feature, using Aladdin’s HASP SRM dongle, does not allow the tool to be run in a virtual environment.

Doesn’t run on 64 bit machine: We are working on a 64 bit version for release soon.

Hashing: WebCase® uses hashing to document the state of a piece of evidence at the time it is collected. It is used to help document a particular place on the Internet at a given date and time. This, along with some of the other logging features, allows the user to assert his claim that the place visited on the web looked exactly as he saw it.

The WebCase® Report: We have had requests for printing the report portion and we intend to be adding this in the near future.

Pricing Structure: You are correct we are following the model of many in the field regarding our pricing. However, where we differ is that the purchase price on WebCase® is a perpetual license. There are no annual fees and no cost for upgrades for this version, so in the long run WebCase® is more than reasonable in its pricing.

I hope this clears up a couple of things and we look forward to hearing from your readers. WebCase® is a tool intended for all online investigators (law enforcement and corporate), their input into its operation and function is vital to its development.

Your readers can always contact us at info@veresoftware.com if they have any questions.

Todd Shipley
President
Vere Software
www.veresoftware.com