ProDiscover Incident Response Feature

prodiscover incident response

ProDiscover Incident Response Feature (ProDiscover IR Edition only)

ProDiscover Incident Response Edition software is before incident happen & cal also be used when incident happens and it is a two way flowing computer forensic investigation and incident response security tool. It gives platform for investigators to quickly and thoroughly examine a live digital information which is on operating system or anywhere on a network.

ProDiscover Forensics or ProDiscover Incident Response is a powerful information security tool that enables computer forensics professionals to find all of the digital information on a computer disk and subsequently protect digital evidence and produces good evidentiary reports for use in legal proceedings.ProDiscover Forensics or ProDiscover Incident Response allows the invetigation of digital information without altering valuable metadata such as last-time accessed. ProDiscover Forensics or ProDiscover Incident Response can recover HDD & deleted files, Investigation of slack space, Analysis of Windows Alternate Data Streams, and dynamically allow a preview, forensics search and data acquisition of the Hardware Protected Area (HPA) of the disk.It is very difficult to hide data from ProDiscover Forensics or ProDiscover Incident Response because it reads the disk at the sector & cluster level.
ProDiscover Forensics or ProDiscover Incident Response allows a forensics search through the entire disk for keywords where regular expressions and phrases with full Boolean search capability to find the necessary digital information which is stored on digital device. Hash comparison feature can be used to find known illegal files or known-good files, e.g standard operating system files, by utilizing the included Hashkeeper database from the external sources.ProDiscover Forensics or ProDiscover Incident Response is  having best forensics search capability & it very fast and flexible, allowing a keyword search for words or phrases anywhere on the disk which includes the slack space.

Key features of ProDiscover Incident Response include the following:

  • Find Unseen Processes Investigation
  • Find Unseen Files Investigation
  • Create Baseline
  • Compare Baseline
  • Find Suspect Files Investigation
  • Process List Investigation
  • System State Investigation
  • Open/Connected IP Ports…
  • Designed specifically to meet requirements set in October 2001 by NIST (National Institute of Science and Technology) Disk Imaging Tool Specification 3.1.6
  • Create compressed image files to work from
  • Analyze Unix “dd” images of all supported file systems
  • The ability to image and conduct Live analysis of disks over any high speed TCP/IP network
  • Restore image files to disk
  • Supports non-destructive direct disk analysis
  • Search and analyze media from all of the different file systems simultaneously, including  FAT12, FAT16, FAT32, exFAT, all NTFS versions, CDFS,  Linux Ext.2/3/4, SUN Solaris UFS, and MAC OSX HFS+
  • Provides preview, imaging, and differenceing capabilities for Microsoft VSC snapshots.
  • View Windows Registry and add keys/name value pairs as evidence of interest
  • Bit stream copy disk to new disk (including ATA Protected Areas)
  • Create MD5 or SHA1 hash of images and files
  • Compare HashKeeper check sums to disk contents
  • Cross-reference file clusters between content-view (files) and cluster-view
  • Detect operating system installed
  • Project file is XML formatted
  • Analyze file header signatures to file extensions and detect mismatches
  • I/O error reporting
  • Report generation
  • Bates number and batch transfer evidence of interest
  • Analysis is completely non-destructive  and does not modify evidence in any way
  • Extensive search capability
  • Recover deleted files contained in slack space
  • Secure Wipe Disk
  • No dongles
  • Online Help
How to recover Master File Table

How to recover Master File Table

Live Evidence Investigation
Live Evidence Investigation

  Live Evidence Investigation Project Name: Live Evidence Investigation Description: Live Evidence Investigation is a very difficult level of sophisticated job. In this blog we will try to understand step by step guide to concepts of Live Evidence Investigation. Author: Rohit D Sadgune Summary of Contents ·         RAM Forensics Basic …

prodiscover forensics
How to use ProDiscover

How to use ProDiscover   Project Name: How to use ProDiscover Description: Step by step guide to How to use ProDiscover Incident Response customization Author: Rohit D Sadgune Summary of Contents In this blog we will learn following things How to start prodiscover incident response How to use ProDiscover Project …

%d bloggers like this: