A couple of things you need to know right from the start: It will not run in a virtual machine. It will not install properly on Vista 32 unless you turn off User Access Control. It does not run on Vista 64 at all.
You definitely need to re-boot after installation for it to hook up all of it's DLLs and paths and database connections.
The software is designed to be an on-line investigative tool for anyone who conducts internet investigations, including undercover chats, web page and social media site investigations.
The software offers the ability to capture screens, capture video, IP addresses, do on the fly whois lookups and and provides undercover identity management as well as suspect information management.
While you can accomplish all of these things using discrete tools, WebCase brings them all together into a single, easy to use interface.
I was impressed with how easy the software is to use. It has a very short learning curve and even people who are not used to using computers could be trained to use this tool very quickly.
While the interface is a little clunky, it is easy to get used to.
You can view screenshots at the company's website here.
One of the things the program does is save the screen captures and video captures with an MD5 hash. I am not sure what purpose that really serves, since how would another party verify them?
I can just as easily do a manual screen capture using some other tool and then create an MD5 hash for it. Once again, it would not be verifiable by another party.
I originally wrote the above. However, after thinking about it, the MD5 hash does serve the purpose of providing a way to see if what was captured had been modified after the capture. Since the MD5 is embedded in the case data, it should be protected from tampering. If that is the case, then the MD5 hash is a good idea and is useful.
The reporting feature for the program is very good on one hand and disappointing on another.
The program generates a very nicely formatted HTML report that you can burn directly from the report screen to CD/DVD.
That is the good news. The bad news is that you cannot print the report as a single operation, but have to print each page individually. The software is really designed to provide a CD/DVD based HTML web browser report.
Hopefully in future updates they will figure out how to produce a report in PDF or RTF format as a single operation.
The LE price is 595.00 and the Corporate price is 745.00.
Sadly, they have adopted the same practice as Guidance Software and many others where people like me have to pay a higher price than law enforcement. Like corporate customers have a magically higher budget than law enforcement agencies.I personally dislike this two tier pricing model, but it seems that nearly everyone in the "forensics tool or training" business does it.
Overall it is a nice program with some cool features. I am not sure it is worth 745.00 to a corporate investigator.
I know I don't do enough on-line investigations to buy a tool this expensive when I already have the means to do all of this with other tools.
However, if you are LE and you do a lot of these types of investigations, and they do, then the price for them is a good deal.
Since I am doing a review, I guess I need to rate the software. So here goes:
Installation 9/10 (It needs to detect Vista 64 and refuse to install.)
Ease of Use 9/10 (Interface is a tad clunky in places.)
Learning Curve 9/10 (It really only takes a few minutes to get going with it.)
Reporting 6/10 (It needs to be able to print or export a report in one shot)
Value LE 8/10 (The price is a little high in my opinion.)
Value Corp 5/10 (Too expensive to buy as an additional tool.)
Overall 8/10 (For what it is designed to do, it does it well.)