Cyber Security Technologies Mac Marshal Field Edition

Powered by SC Magazine
 

Mac Marshal Field Edition from Cyber Security Technologies is a USB tool that allows users to perform a first-level forensic analysis on any Mac or PC computer.

 

It is a small and easy-to-use USB device that comes with licensed software with a unique ID installed directly on the device, so there is no concern about licensing and there is no need to install any other software. Thus, Mac Marshal Field Edition is a plug-and-play USB tool that can be used on many machines without any limitation or additional licensing. In addition to the Field Edition, there are individual software iterations for Mac, PC or both in a single bundle. 

The Field Edition that we tested contained both operating environments. When used to examine a live target system, Mac Marshal Field Edition can gather live state information (RAM, running processes, network connections, etc.) that would be lost when seizing the target machine and imaging the disk. Mac Marshal Forensic Edition for Macs runs on a Mac OS X 10.4 or later platform, and Mac Marshal Forensic Edition for PCs runs on a Microsoft Windows XP, or later, platform. 

Some of the features that are available on the Forensic edition for Macs are not supported on the Windows iteration. Spotlight searches, for example, are not available for Windows. Spotlight is a metadata indexing system, which is responsible for indexing, acquiring, storing and performing file metadata at the highest level. For indexed files, the Spotlight searching method is quick, with solid performance.

We conducted live testing with this tool on both Mac and PC machines. The procedure is almost the same for both. With a quick review of the manual, users will be able to start employing Mac Marshal in less than five minutes. It uses optimized software that will perform reliably, even on computers that are not high-performance devices. Additionally, the hardware is current, so there are no concerns about compatibility. The functions analyze hard drives, images or partitions regardless of the operating system that is installed on the machine under test.

The documentation provides detailed information about use, access and analysis, making the tool straightforward to deploy. 

The Forensic Editions require 200 MB disk space for installation. The Field Edition is delivered on a USB 2.0 flash drive and is plugged directly into a live target machine or an investigator's workstation, thus providing portability for use from one target to another. The target system must be running Mac OS X 10.4 or later (that is, taking an image is not necessary). 

Support is included in the price of the product for the first year and, after that, is 20 percent of the product price. Unfortunately, we found the website deficient. We could not find a support section. There is an email support address, but there is no direct support location on the site. That said, there is a section on the site for each product and those sections are quite complete. Mac Marshal is priced reasonably and we find it a good value.
 

Copyright © SC Magazine, US edition


Cyber Security Technologies Mac Marshal Field Edition
 
:
Overall Rating
Verdict:
Stick this one in your pocket when you head into the field to do a forensic exam. Also, if you use Macs, this is a must-have.
Product Info
 
 
 
Top Stories
Beyond ACORN: Cracking the infosec skills nut
[Blog post] Could the Government's cybercrime focus be a catalyst for change?
 
The iTnews Benchmark Awards
Meet the best of the best.
 
Telstra hands over copper, HFC in new $11bn NBN deal
Value of 2011 deal remains intact.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Who do you trust most to protect your private data?







   |   View results
Your bank
  39%
 
Your insurance company
  3%
 
A technology company (Google, Facebook et al)
  8%
 
Your telco, ISP or utility
  7%
 
A retailer (Coles, Woolworths et al)
  2%
 
A Federal Government agency (ATO, Centrelink etc)
  20%
 
An Australian law enforcement agency (AFP, ASIO et al)
  14%
 
A State Government agency (Health dept, etc)
  6%
TOTAL VOTES: 1791

Vote
Do you support the abolition of the Office of the Information Commissioner?