Cyber Security Technologies Mac Marshal Field Edition

Powered by SC Magazine
 

Mac Marshal Field Edition from Cyber Security Technologies is a USB tool that allows users to perform a first-level forensic analysis on any Mac or PC computer.

 

It is a small and easy-to-use USB device that comes with licensed software with a unique ID installed directly on the device, so there is no concern about licensing and there is no need to install any other software. Thus, Mac Marshal Field Edition is a plug-and-play USB tool that can be used on many machines without any limitation or additional licensing. In addition to the Field Edition, there are individual software iterations for Mac, PC or both in a single bundle. 

The Field Edition that we tested contained both operating environments. When used to examine a live target system, Mac Marshal Field Edition can gather live state information (RAM, running processes, network connections, etc.) that would be lost when seizing the target machine and imaging the disk. Mac Marshal Forensic Edition for Macs runs on a Mac OS X 10.4 or later platform, and Mac Marshal Forensic Edition for PCs runs on a Microsoft Windows XP, or later, platform. 

Some of the features that are available on the Forensic edition for Macs are not supported on the Windows iteration. Spotlight searches, for example, are not available for Windows. Spotlight is a metadata indexing system, which is responsible for indexing, acquiring, storing and performing file metadata at the highest level. For indexed files, the Spotlight searching method is quick, with solid performance.

We conducted live testing with this tool on both Mac and PC machines. The procedure is almost the same for both. With a quick review of the manual, users will be able to start employing Mac Marshal in less than five minutes. It uses optimized software that will perform reliably, even on computers that are not high-performance devices. Additionally, the hardware is current, so there are no concerns about compatibility. The functions analyze hard drives, images or partitions regardless of the operating system that is installed on the machine under test.

The documentation provides detailed information about use, access and analysis, making the tool straightforward to deploy. 

The Forensic Editions require 200 MB disk space for installation. The Field Edition is delivered on a USB 2.0 flash drive and is plugged directly into a live target machine or an investigator's workstation, thus providing portability for use from one target to another. The target system must be running Mac OS X 10.4 or later (that is, taking an image is not necessary). 

Support is included in the price of the product for the first year and, after that, is 20 percent of the product price. Unfortunately, we found the website deficient. We could not find a support section. There is an email support address, but there is no direct support location on the site. That said, there is a section on the site for each product and those sections are quite complete. Mac Marshal is priced reasonably and we find it a good value.
 

Copyright © SC Magazine, US edition


Cyber Security Technologies Mac Marshal Field Edition
 
:
Overall Rating
Verdict:
Stick this one in your pocket when you head into the field to do a forensic exam. Also, if you use Macs, this is a must-have.
Product Info
 
 
 
Top Stories
Coalition's NBN cost-benefit study finds in favour of MTM
FTTP costs too much, would take too long.
 
Who'd have picked a BlackBerry for the Internet of Things?
[Blog] BlackBerry has a more secure future in the physical world.
 
Will Nutanix be outflanked before reaching IPO?
VMware muscles in on storage startup in hyper-converged infrastructure.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Which is the most prevalent cyber attack method your organisation faces?




   |   View results
Phishing and social engineering
  69%
 
Advanced persistent threats
  3%
 
Unpatched or unsupported software vulnerabilities
  11%
 
Denial of service attacks
  6%
 
Insider threats
  11%
TOTAL VOTES: 608

Vote