A previous favourite in over-the-network forensics returns once again. Technology Pathways' ProDiscover Incident Response (IR) v5.5 offers a clean interface and a strong forensics feature set. It has all the traditional forensic capabilities, but really shines when those features are carried out over the network. Additionally, the tool's integrated ProScript functionality allows investigators to quickly initiate common - or not so common - tasks, easily and efficiently.
Pushing out the tool's remote agent makes deployment as simple as possible. Additionally, this agent can be set to run in stealth mode, to avoid tipping anybody off.
Once deployed, the agent allows for the collection and analysis of numerous types of data. Of course, a full image of the target can also be acquired. It is worth noting that the live analysis now supports capturing RAM in Windows Vista and Server 2008. Another addition is the ability to search using pattern-matching wildcards.
The built-in viewers and logical evidence structure make the tool easy to use, and we feel that ProDiscover Incident Response is a product well suited to the investigative process.
The manuals that accompany the product are comprehensive and in-depth. Although many of the functions of the tool are self-explanatory, the documentation provides step-by-step instructions for a large number of tasks that can be performed by the tool. Additionally, there is a guide to help users begin to code for the ProScript interface.
Support for ProDiscover Incident Response is still fee-based, and there is no option for a web-based solution. The website houses a forums section, as well as product documentation and downloads.
With a price of £12,995, ProDiscover Incident Response is at the top of the range for software. Despite this, there is no doubt that the product is great value. Any product that can provide as many features as ProDiscover IR in such a logical manner is well worth the price. We make it our Recommended product this month.