Home > Information Security Magazine > Hot Pick & Product Reviews > Product review: Paraben's P2 Enterprise Shuttle
EMAIL THIS
Information Security Magazine

  CURRENT ISSUE  
  FEATURES  
  COLUMNS  
  HOT PICK & PRODUCT REVIEWS  
  ARCHIVES  
  SUBSCRIBE/RENEW  
  

Product review: Paraben's P2 Enterprise Shuttle
Issue: Nov 2007
printer-friendly
< PREV PAGE   |   1  |   2  |   NEXT PAGE  >

Management and FeaturesB+  
There are four major parts to the enterprise suite: the Agent, Captain, Proxy and Server. These modules interact with each other over a 128-bit encrypted channel.

The Paraben Agent is invisible to the user, although a savvy user may suspect something by the increased CPU load and network activity during acquisition. We were also able to see it with a rootkit detector.

The GUI-based Captain has a tabbed and framed design. Navigation is smooth, and buttons are easy to figure out with contextual help.

The Paraben Proxy, naturally, acts as an encrypted proxy between all of the components. It's installed on a system with an Internet connection The Server is the main module, performing all authentication and acting as the central repository for acquired data. It verifies access permission for any actions initiated by the Captain and Agent to provide increased security. The Server should be installed on an isolated and secured system with no direct Internet connection.

You will spend most of your time with the Captain, which has quite a few tools to analyze clients. You can do a forensic dump of data, copying over each file or directory, or perform deep system inspections while the system is running. You can view running processes, what files those processes are accessi...



ng, and which registry keys they have open. Other capabilities include capturing screenshots, viewing the registry, processes, drivers and network sessions, as well as viewing the files on the system. You can create a full snapshot and save it to the database.


ReportingB  
Reporting functions are fairly simple and to the point. Reports can be generated for module access such as server/proxy connecting, login and logout of the server, and agent connections. Each event is assigned a priority (fatal, error, warning and information); you can filter based on the event and the priority. Reports are generated in a table inside of Captain GUI. There are no charts or fancy graphics, but they're definitely not needed here. Reports can be saved to text, HTML or XML formats.


Verdict
Paraben's P2 Enterprise Shuttle is a good offering if you are looking for a remote forensics tool to use in a Windows environment. It provides all the tools necessary for a complete forensic analysis of a system, as well as the security to ensure the integrity of the acquired data.


Testing methodology: Server, Proxy and Captain were all installed on the same system. Agents were installed on a variety of Windows XP SP2 and Windows 2000 machines.


< PREV PAGE   |   1  |   2  |   NEXT PAGE  >





TechTarget Security Media
Information Security View this month\\'s issue and subscribe today.
Information Security Decisions Apply online for free conference admission.
SearchSecurity.com
HomeNewsMagazineMultimediaWhite PapersLearningAdviceTopicsEventsAbout Us
SEARCH :     Site Index Powered by: Search Powered by Google

About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Site Map




All Rights Reserved, Copyright 2003 - 2009, TechTarget | Read our Privacy Policy 		  TechTarget - The IT Media ROI Experts