ProDiscover Forensics

PRODISCOVER PROVIDES AFFORDABLE SOLUTIONS FOR

Whether you suspect your system has been hacked or are looking for discoverable evidence in a civil proceeding or criminal investigation. Designed to the National Institute of Standards Disk Imaging Tool Specification 3.1.6

ProDiscover Forensics is a powerful computer security tool that enables law enforcement professionals to find all the data on a computer disk while protecting evidence and creating evidentiary quality reports for use in legal proceedings.

ProDiscover is a disk forensics system which provides a host of features to capture and analyse disks. The product supports a wide variety of Windows, Linux and Mac file systems. ProDiscover ensures that both the capturing and analysis processes are performed by applying forensically sound methods. The resulting reports meet evidentiary quality requirements.

ProDiscover is integrated with a full text search engine, set of embedded viewers and hash comparison methods, all together providing an easy-to-use and yet powerful toolkit to forensic investigators. ProDiscover has been designed to satisfy the requirements of NIST Imaging Tool Specification.

Following are some of the key features of ProDiscover Forensics:​

• Preview and image disks.
• Preview and search suspect files to find evidence quickly and without altering any data or metadata.
• Automatically creates and records MD5, SHA1 and SHA256 hashes of evidence files to prove data integrity.
• Creates bit-stream copy of entire suspect disk, including hidden HPA section, to keep the original evidence safe.
• Maintains multi-tool compatibility by reading and writing images in the pervasive UNIX .dd format.
• Examine any or all of the following file systems:

1. 1. Windows: FAT12, FAT16, FAT 32 and all NTFS file systems including Dynamic Disk and Software RAID.
   2. Mac OS X: HFS, HFS+.
   3. Linux: EXT2, EXT3 and EXT4.
   4. Solaris: UFS

• Integrated graphics thumbnail viewer and registry viewer
• Integrated Outlook email viewer
• Integrated Internet History viewer
• Integrated Registry viewer
• Integrated Event Log viewer
• Extract Clusters / Files into Logical File Collections
• File / Cluster Cross Reference
• Import / Export .dd format images
• Add comments to evidence of interest
• Disk Wipe Capability
• Extracts EXIF information from JPEG files to identify file creators
• Linux boot disk provided to image systems without removing hard disk drive
• Automated report generation in XML format saves time, improves accuracy and compatibility
• GUI interface and integrated help function assure quick start and ease of use
• Designed to NIST Disk Imaging Tool Specification 3.1.6 to ensure high quality
• Support for VMware to run a captured image.