Incident Verification and System Auditing Tool

ProDiscover® Incident Response enables you to quickly and thoroughly examine a live system operating anywhere on your network. When used as part of an incident response procedure or as part of a routine system audit, ProDiscover Incident Response enables you to determine if that system has been compromised and allows you to gather the evidence needed to prove it.

Features and Benefits:

If you suspect that your system has been compromised or if you perform regular system audits, you need to thoroughly examine systems without taking your network down. ProDiscover® Incident Response will enable you to quickly, and with certainty, determine the integrity of your system while it is still on-line, performing its normal operations.

ProDiscover® Incident Response utilizes an agent that runs on the suspect system to read the disk at the bit level. This enables ProDiscover® Incident Response to work around the suspect system's operating system and examine all files, even if they are hidden by Trojans or rootkits. It also prevents any valuable metadata, such as the last-accessed time, from being altered. ProDiscover® Incident Response can search the suspect system for over 400 known Trojans or rootkits. And, to ensure the integrity of the operating system, ProDiscover® Incident Response can examine all files and compare their hash signatures to the signatures of known good files from a user-provided baseline or from the National Drug Intelligence Center Hashkeeper database. ProDiscover® Incident Response allows system administrators to be sure that they uncover any compromised files in the least intrusive manner.

If the system has been compromised, ProDiscover® Incident Response allows the system administrator to make a bit stream image of the disk for later analysis and restore the system to proper working order to get it back on-line quickly. The off-line analysis of the data is easy and allows evidentiary quality data to be provided to law enforcement agencies.




Each single end-user license purchased for ProDiscover® entitles a single user to use the ProDiscover® software. Copies of ProDiscover® may be installed on up to three machines, provided that only one copy is in use at any given time. ProDiscover® installations may also be moved as needed. See the ProDiscover® End-User License Agreement for details. Site and Enterprise licenses are also available for ProDiscover®.