WetStone US-LATT provides investigators with the ability to collect critical, live system data. The tool uses a USB U3 smart device with user-defined configurations to capture data on live systems, and it uses Windows Auto Run to collect critical information, such as network data, hardware inventory, complete memory dump, and more.
The US-LATT USB Configurator program quickly and efficiently loads capture specifications onto the USB device. On inserting the USB device into a suspect system, US-LATT works quickly to gather information specified by the US-LATT USB Configurator. A complete collection of a Windows XP machine, which included a complete 2GB memory dump, finished in 10 minutes.
The configuration of the US-LATT USB device is a simple three-step process. The first step is to input investigator information. The second step is a simple screen with more than a dozen options that can be turned on or off through checkboxes. The third step involves loading the configuration to the USB device. After the USB device is configured, it is ready to be inserted into a suspect system. When you insert the configured USB device into a system, US-LATT instantly starts the data collection.
A report on the information collected is created by the US-LATT Import and Report Generation program on the configuration machine. The report is contained in a single HTML file. We think this is the biggest weakness of US-LATT. After each section, there is a link back to the navigation menu, but moving through the report is difficult as the navigation menu is only located at the top of the page. The program also allows investigators to "quick erase" the data collected after import.
The documentation provided is a PDF that contains installation, configuration and usage information. This is fully searchable along with links and bookmarks.
WetStone is currently under contract with the National Institute of Justice to provide US-LATT free to state and local law enforcement. We feel that this is an excellent value to the law enforcement community. We wish that it was available to non-law enforcement organizations.