Gargoyle quickly and easily determines whether malware is present on a system
under investigation. Malware, short for malicious software, is designed
to wreak havoc, hide potentially incriminating information, and/or disrupt
or damage computer systems. Gargoyle employs custom datasets containing
thousands of malware software signatures.
What is Gargoyle?
Gargoyle is a software tool providing inspectors with the ability to conduct
a quick search on a given computer or machine for known contraband and
hostile programs. Because the search matches the individual files that make
up a particular program rather than the program as a whole, it is possible
to find remnants even if the program has been uninstalled or deleted. Gargoyle is intended to be a quick
and easy scan, requiring a minimal amount of technical knowledge.
What Can be Identified?
Gargoyle assists the investigator by providing a summary of installed
programs, identification of potentially hostile or suspicious programs
based on the loaded dataset, the classification of those hostile programs
(hacker tool, cracker tool, disruption tool), and the ability to view
the suspect from a new angle while ascertaining incriminating behaviors.
Gargoyle provides the investigator with the ability to glean important
suspect characteristics from the information revealed. The suspect's computer sophistication,
covert behaviors, and paranoia level (has the suspect tried to delete
incriminating programs?) can all be inferred when searching for applications
with a common theme. These behaviors can assist in assessing suspect capability,
activities, intent, threat or consciousness of guilt.
What is a Dataset?
A Dataset is simply a collection of malware applications and files, organized
into a relational database. The database is formatted similarly to the
NSRL distributions. One dataset (database file) is created for each malware
Separate datasets can be created for various classifications of malware
(e.g., encryption software, steganography software, vulnerability assessment
tools, network sniffers, port scanners, hacker tools, password cracking
tools, Denial of Service tools, etc.). Many of these datasets are currently
available within Gargoyle. Additional datasets are released about every
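The scan described above (hashing every file on the system, matching the hashes against a per-file dataset, and reporting which program the hits belong to, including programs whose files have been only partly deleted) can be illustrated with a small script. The following is an added example written for this page, not Gargoyle's or WetStone's code. The dataset layout (SHA-1, MD5, FileName, FileSize, ProductCode) loosely imitates the classic NSRL RDS CSV columns; the sample "program" contents, the product table and the classifications are all constructed for the example, and `demo()` builds a temporary directory to scan.

```python
#!/usr/bin/env python3
"""Hash-set scan against an NSRL-style dataset (added example, not Gargoyle code).

Files are matched by content hash, not by name, so a renamed file is still
found, and a product whose files are only partly present is reported as a
remnant. All sample data below is constructed for this illustration.
"""
import csv
import hashlib
import io
import json
import os
import tempfile
from collections import defaultdict

# Constructed "program files"; the dataset is built from these so the hashes
# are genuine, but the contents are invented for this example.
SAMPLE_FILES = {
    "crackit.exe": b"MZ\x90\x00constructed password cracker body",
    "crackit.dll": b"MZ\x90\x00constructed helper library",
    "wordlist.txt": b"password\n123456\nletmein\n",
    "portprobe.exe": b"MZ\x90\x00constructed port scanner body",
}
# Constructed product table: ProductCode -> (ProductName, Classification).
PRODUCTS = {1001: ("CrackIt", "password cracking tool"),
            1002: ("PortProbe", "port scanner")}
FILE_TO_PRODUCT = {"crackit.exe": 1001, "crackit.dll": 1001,
                   "wordlist.txt": 1001, "portprobe.exe": 1002}


def make_dataset_csv() -> str:
    """Emit an NSRL-RDS-like CSV (hypothetical layout) from SAMPLE_FILES."""
    buf = io.StringIO()
    w = csv.writer(buf, quoting=csv.QUOTE_ALL, lineterminator="\n")
    w.writerow(["SHA-1", "MD5", "FileName", "FileSize", "ProductCode"])
    for name, data in SAMPLE_FILES.items():
        w.writerow([hashlib.sha1(data).hexdigest().upper(),
                    hashlib.md5(data).hexdigest().upper(),
                    name, len(data), FILE_TO_PRODUCT[name]])
    return buf.getvalue()


def load_dataset(csv_text: str) -> dict:
    """Index dataset rows by SHA-1 so a match never depends on the file name."""
    return {row["SHA-1"]: row for row in csv.DictReader(io.StringIO(csv_text))}


def hash_file(path: str):
    """Return (SHA-1, MD5) of a file, read in chunks so large files are fine."""
    s, m = hashlib.sha1(), hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            s.update(chunk)
            m.update(chunk)
    return s.hexdigest().upper(), m.hexdigest().upper()


def scan(root: str, index: dict) -> dict:
    """Walk root, hash every file, and summarise hits per product.

    A product is 'complete' when every file listed for it in the dataset was
    found; otherwise the missing names show what was deleted (a remnant).
    """
    expected = defaultdict(set)
    for row in index.values():
        expected[int(row["ProductCode"])].add(row["FileName"])
    found = defaultdict(set)
    for dirpath, _, names in os.walk(root):
        for n in names:
            sha1, md5 = hash_file(os.path.join(dirpath, n))
            row = index.get(sha1)
            if row and row["MD5"] == md5:  # cross-check the second hash
                found[int(row["ProductCode"])].add(row["FileName"])
    report = {}
    for code, present in found.items():
        name, classification = PRODUCTS[code]
        report[name] = {"classification": classification,
                        "matched": sorted(present),
                        "missing": sorted(expected[code] - present),
                        "complete": present == expected[code]}
    return report


def demo() -> dict:
    """Build a constructed filesystem and scan it: CrackIt is partly deleted
    and its main binary renamed; PortProbe is intact; one benign file."""
    index = load_dataset(make_dataset_csv())
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "docs"))
        layout = {"docs/notes.dat": SAMPLE_FILES["crackit.exe"],   # renamed
                  "wordlist.txt": SAMPLE_FILES["wordlist.txt"],
                  "portprobe.exe": SAMPLE_FILES["portprobe.exe"],
                  "readme.txt": b"nothing to see here"}            # benign
        for rel, data in layout.items():                            # no crackit.dll
            with open(os.path.join(root, rel), "wb") as f:
                f.write(data)
        return scan(root, index)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Matching on the content hash is what lets the scan recover the renamed `notes.dat` as the cracker's executable and flag `crackit.dll` as a missing (deleted) component; a real dataset would also carry FileSize and could use it as a cheap pre-filter before hashing.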