Computer
Forensic Tools
ProDiscover® is a powerful family of computer security tools that enables computer professionals to collect, preserve, and analyze computer evidence while creating evidentiary quality reports for use in legal proceedings.
Features Comparison
|
Feature |
ProDiscover Forensic |
ProDiscover Incident
Response |
|
|
Preview and Image Local Disk |
n |
n |
|
|
Split / Merge Image files |
n |
n |
|
|
Full Boolean & Regular Expression Search Capability |
n |
n |
|
|
Fast full
index based search capability |
n |
n |
|
|
Integrated Graphics Thumbnail viewer |
n |
n |
|
|
Integrated Outlook email viewer |
n |
n |
|
|
Integrated Internet History viewer |
n |
n |
|
|
Integrated Registry viewer |
n |
n |
|
|
Integrated Event Log viewer |
n |
n |
|
|
Integrated
Email Viewer |
|
||
|
Dynamic Access to HPA (patent pending) |
n |
n |
|
|
MD5, SHA1, SHA256 Hash Generation / Comparisons |
n |
n |
|
|
Extract Clusters / Files |
n |
n |
|
|
File / Cluster Cross Reference |
n |
n |
|
|
Import / Export .dd format images |
n |
n |
|
|
Import E01 Expert Witness Image files |
n |
n |
|
|
Support for VMware to run a captured image |
n |
n |
|
|
Extract EXIF information from jpeg/TIFF files |
n |
n |
|
|
Automatic XML Report Generation |
n |
n |
|
|
Add comments to evidence of interest |
n |
n |
|
|
Disk Wipe Capability |
n |
n |
|
|
Designed to NIST Imaging Tool Specification |
n |
n |
|
|
GUI Interface with Integrated Help |
n |
n |
|
|
FAT12/16/32 File Systems |
n |
n |
|
|
NTFS File System |
n |
n |
|
|
NTFS Dynamic Disk and software RAID |
n |
n |
|
|
Sun Solaris File UFS Systems |
n |
n |
|
|
Linux ext2 / ext3 file systems |
n |
n |
|
|
Perl Script Support |
n |
n |
|
|
Preview / Image Remote Disk over LAN/WAN |
|
n |
|
|
Preview /
Image Remote Volume Shadow Copies |
n |
||
|
Linux boot disk provided |
|
n |
|
|
Encryption / GUID / password protection |
|
n |
|
|
Image physical memory of live Remote System |
|
n |
|
|
Image System BIOS/CMOS |
|
n |
|
|
Stealth Mode Remote Agent |
|
n |
|
|
Capture System Volatile State Information |
|
n |
|
|
Process Explorer for remote system |
|
n |
|
|
Create and Compare Hash Baseline |
|
n |
|
|
Find Unseen Files and Processes (patent pending) |
|
n |
|
|
View connected & listening IP ports / end points |
|
n |
|
|
Hash compare to known Trojans and rootkits |
|
n |
|
Forensic Console
System Requirements
- Windows 2000/2003/XP/Vista/7 (32 and 64 Bit)
- 1.2 GHz or higher Pentium-compatible CPU
- 1 GB RAM (2 GB or above recommended)
- 25 MB available hard-disc space (200 MB for
installation)
- CD-ROM or DVD-ROM drive
- VGA or higher resolution monitor
- Keyboard and Mouse (or compatible pointing device)
Includes Technology
From:
License:
Each single end-user license purchased of ProDiscover® entitles a single user the right to use the ProDiscover® software. Copies of ProDiscover® may be installed on up to three machines provided, however, that only one copy is in use at any given time. ProDiscover® installations may also be moved as needed. See the ProDiscover® End-User License Agreement for details. Site and Enterprise licenses are also available for ProDiscover®.
[Back]