Cyber Security Technologies Mac Marshal Field Edition

Powered by SC Magazine
 

Mac Marshal Field Edition from Cyber Security Technologies is a USB tool that allows users to perform a first-level forensic analysis on any Mac or PC computer.

 

It is a small and easy-to-use USB device that comes with licensed software with a unique ID installed directly on the device, so there is no concern about licensing and there is no need to install any other software. Thus, Mac Marshal Field Edition is a plug-and-play USB tool that can be used on many machines without any limitation or additional licensing. In addition to the Field Edition, there are individual software iterations for Mac, PC or both in a single bundle. 

The Field Edition that we tested contained both operating environments. When used to examine a live target system, Mac Marshal Field Edition can gather live state information (RAM, running processes, network connections, etc.) that would be lost when seizing the target machine and imaging the disk. Mac Marshal Forensic Edition for Macs runs on a Mac OS X 10.4 or later platform, and Mac Marshal Forensic Edition for PCs runs on a Microsoft Windows XP, or later, platform. 

Some of the features that are available on the Forensic edition for Macs are not supported on the Windows iteration. Spotlight searches, for example, are not available for Windows. Spotlight is a metadata indexing system, which is responsible for indexing, acquiring, storing and performing file metadata at the highest level. For indexed files, the Spotlight searching method is quick, with solid performance.

We conducted live testing with this tool on both Mac and PC machines. The procedure is almost the same for both. With a quick review of the manual, users will be able to start employing Mac Marshal in less than five minutes. It uses optimized software that will perform reliably, even on computers that are not high-performance devices. Additionally, the hardware is current, so there are no concerns about compatibility. The functions analyze hard drives, images or partitions regardless of the operating system that is installed on the machine under test.

The documentation provides detailed information about use, access and analysis, making the tool straightforward to deploy. 

The Forensic Editions require 200 MB disk space for installation. The Field Edition is delivered on a USB 2.0 flash drive and is plugged directly into a live target machine or an investigator's workstation, thus providing portability for use from one target to another. The target system must be running Mac OS X 10.4 or later (that is, taking an image is not necessary). 

Support is included in the price of the product for the first year and, after that, is 20 percent of the product price. Unfortunately, we found the website deficient. We could not find a support section. There is an email support address, but there is no direct support location on the site. That said, there is a section on the site for each product and those sections are quite complete. Mac Marshal is priced reasonably and we find it a good value.
 

Copyright © SC Magazine, US edition


Cyber Security Technologies Mac Marshal Field Edition
 
:
Overall Rating
Verdict:
Stick this one in your pocket when you head into the field to do a forensic exam. Also, if you use Macs, this is a must-have.
Product Info
 
 
 
Top Stories
Meet FABACUS, Westpac's first computer
GE225 operators celebrate gold anniversary.
 
NSW Govt gets ready to throw out the floppy disks
[Opinion] Dominic Perrottet says its time for government to catch up.
 
iiNet facing new copyright battle with Hollywood
Fighting to protect customer details.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
In which area is your IT shop hiring the most staff?




   |   View results
IT security and risk
  26%
 
Sourcing and strategy
  12%
 
IT infrastructure (servers, storage, networking)
  22%
 
End user computing (desktops, mobiles, apps)
  15%
 
Software development
  26%
TOTAL VOTES: 334

Vote
Would your InfoSec team be prepared to share threat data with the Australian Government?

   |   View results
Yes
  57%
 
No
  43%
TOTAL VOTES: 139

Vote