ProDiscover® Incident Response enables you to quickly and thoroughly examine a live system operating anywhere on your network. When used as part of an incident response procedure or as part of a routine system audit, ProDiscover Incident Response enables you to determine if that system has been compromised and allows you to gather the evidence needed to prove it.
If you suspect that your system has been compromised or if you perform regular system audits, you need to thoroughly examine systems without taking your network down. ProDiscover® Incident Response will enable you to quickly, and with certainty, determine the integrity of your system while it is still on-line, performing its normal operations.
ProDiscover® Incident Response utilizes an agent that runs on the suspect system to read the disk at the bit level. This enables ProDiscover® Incident Response to work around the suspect system's o/s and examine all files, even if they are hidden by Trojans or rootkits. It also prevents any valuable metadata, such as last time accessed, from being altered. ProDiscover® Incident Response can search the suspect system for over 400 known Trojans or rootkits. And, to insure the integrity of the o/s, ProDiscover® Incident Response can examine all files and compare their hash signature to the signatures of known good files from a user provided baseline or from the National Drug Intelligence Center Hashkeeper database. ProDiscover® Incident Response allows system administrators to be sure that they uncover any compromised files in the least intrusive manner.
If the system has been compromised, ProDiscover® Incident Response allows the system administrator to make a bit stream image of the disk for later analysis and restore the system to proper working order to get it back on-line quickly. The off-line analysis of the data is easy and allows evidentiary quality data to be provided to law enforcement agencies.
The off-line analysis of the data is easy and allows “evidentiary quality” data to be provided to law enforcement agencies.
ProDiscover® IR Questions and Answers
ProDiscover® IR Product Support Policy
Download the free technical white paper Volume Shadow Copy With ProDiscover IR Updated
Download the free technical white paper "Suspect Host Incident Verification in Incident Response" which outlines using ProDiscover® IR in Incident Response.
Download the ProDiscover® IR Product Information Sheet
Download the ProDiscover® IR Remote Analysis and Imaging Application Note
Download the ProDiscover® Family Guide
Download the ProDiscover® IR Product Demo
Order ProDiscover® IR
Each single end-user license purchased of ProDiscover® entitles a single user the right to use the ProDiscover® software. Copies of ProDiscover® may be installed on up to three machines provided, however, that only one copy is in use at any given time. ProDiscover® installations may also be moved as needed. See the ProDiscover® End-User License Agreement for details. Site and Enterprise licenses are also available for ProDiscover®.[Back]