Review: LiveWire Investigator v. 3.1.1C

By

Live forensics is an emerging field and, although there are a lot of good reasons to use it, there still are caveats.

For: Easy to use, lots of live analysis functions and very well documented.
Against: The jury still is out on live forensics and in certain circumstances, this tool may be challenging to defend in court since it logs on to the target and does not use an agent.
Verdict: Extremely powerful tool for analyzing computers without taking them off-line. We award LiveWire our SC Magazine Lab Approved.

Review: LiveWire Investigator v. 3.1.1C
At least two other products in this Group Test perform live forensics, both of which use agents on the target machines to minimize interaction with the computer itself. LiveWire performs an extensive suite of forensic tests on remote running systems, but does not implant an agent on the target. There are arguments on both sides.

On the agent side, the pro is that the agent communicates with the investigator, not the target computer, so there is virtually no forensic interference with the target machine.

The con is that only machines with implanted agents can be analysed. If a computer without an agent needs to be analyzed, the agent must be installed.

LiveWire gets around both these issues by not implanting agents. Instead, it simply logs into the target and analyzes it while keeping meticulous logs of each activity for comparison with the target’s logs or forensic evidence if the computer needs to be imaged.

We found LiveWire very easy to use, secure and extremely well documented (there is a user’s guide and a 900-page manual, both with lots of detail). As a means of capturing volatile data on a remote machine, it is first rate. It does not, however, allow imaging remotely.

Its purpose is aligned more with collecting operating states and locating important investigatory data from the target. This allows critical systems to continue to operate during an investigation and reveals activity on the target as it is happening.

We anticipate using LiveWire to monitor computers being tested in the lab to determine their behaviour while they are being scanned and undergoing penetration testing. For that and for its utility, we award LiveWire Investigator our SC Magazine Lab Approved rating.

We find the cost of ownership at the low end of the price spectrum, especially since the license is for an unlimited number of target machines.

LiveWire Investigator v. 3.1.1C has been ranked Lab Approved by SC Magazine.
Got a news tip for our journalists? Share it with us anonymously here.
Tags:
forensicsecuritytools

Sponsored Whitepapers

See everything. Do more.
See everything. Do more.
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Diamond IT Delivers GRC Transformation with Microsoft Purview
Diamond IT Delivers GRC Transformation with Microsoft Purview
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy

Events

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers
Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies
Woolworths' CSO is Optus-bound

Woolworths' CSO is Optus-bound
Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?