
Welcome to ProDiscover® 6.1
The ProDiscover® Family of computer security tools enables systems administrators, consultants, and investigators to find the data they need on a computer disk. Whether you suspect your system has been hacked or are looking for discoverable evidence in a civil proceeding or criminal investigation, ProDiscover® will make your job easier, improve your productivity, and preserve the data needed for any legal proceedings. Designed to the National Institute of Standards Disk Imaging Tool Specification 3.1.6, the ProDiscover® Family provides affordable solutions for:
Incident Response
Quickly and positively identify intrusions to your systems without taking your system down. Get any corrupted system back on-line quickly and gather the evidence needed to prosecute an intruder.
Corporate Policy Compliance Investigation
Check for policy violations or conduct internal investigations remotely through your company's network.
e-Discovery
Improve your productivity and ensure compliance in any civil discovery action. Quickly search large data sets and find the documents you need. Preserve critical "last accessed" metadata and document your results.
Computer Forensics
Find all the data, even in the hidden HPA section, Alternate Data Streams, or slack space. Create hash signatures for all files and compare them to the information from the National Drug Intelligence "Hashkeeper" database. Automatically generate reports and "evidentiary quality" information that will hold up in court.
The ProDiscover® Family of computer security tools includes:
ProDiscover® Forensics
Offers forensics examiners a completely integrated Windows™ application for the collection, analysis, management, and reporting of computer disk evidence at an affordable price. ProDiscover Forensics supports all Windows-based file systems, including FAT 12/16/32 and NTFS Dynamic disks, in addition to file systems such as SUN Solaris UFS and Linux Ext 2/3. ProDiscover Forensics is completely scriptable using the ProScript interface and Perl.
ProDiscover® Incident Response
ProDiscover Incident Response takes the ProDiscover Forensics workstation product and turns it into a full client-server application allowing disk preview, imaging, and analysis over any TCP/IP network. The remote agent can easily be pushed out, installed, and started from the ProDiscover console, among the many other ways it can be deployed. In addition to being a full client-server application and allowing live disk preview, imaging, and analysis, ProDiscover IR includes advanced tools for incident response to cyber attacks. ProDiscover Incident Response includes full support for index-based search and live mounting or imaging of any and all Volume Shadow Copies on Windows-based systems.
Please note that all versions of ProDiscover are forensics products which take a least-intrusive approach to working with disk evidence. ProDiscover® implements its own read-only file system viewers and does not rely on the underlying operating system's file system for analysis of evidence.
When ProDiscover® is launched, the user is asked to perform one of the following tasks:
By default, project files are saved to the ProDiscover® installation directory with the file extension (*.dft). Project files are kept in XML format, allowing users to parse the file with other applications and create custom reports. The current ProDiscover® XML Schema can be found in the default application installation directory.
