ProDiscover Incident Response 6.1
Strengths: Feature-rich, straightforward incident response forensic tool
Weaknesses: Nothing that we could find
Verdict: ProDiscover IR 6.1 is a forensics powerhouse with excellent features and interface. We make it Approved for SC Labs again this year
This state-of-the art digital forensics tool from Technology Pathways is out in a new release. ProDiscover Incident Response (IR) allows users to collect and analyse data from a hard drive, an image or over the network.
The changes from the previous version include support of exFAT and removed support of Windows 9x systems.
ProDiscover does a very good job of capturing an image over a network or when directly connected to a hard drive. One of the tested hard drives had already been formatted, yet corrupted and deleted files were found. A little more than the minimum 1GB RAM is required to install the program.
There is plenty of information describing the features that are available in the most current version of ProDiscover. The quick installation guide will instruct the most unknowledgeable person on how to get started. The help file provides easy reference and points out features that are not yet available on the most current operating systems. Throughout our testing we found no problems that could not be solved using the help file.
The software is extremely easy to use and the interface is intuitive. The learning curve is fairly low in order to become proficient with the program. Most features are accessible with just a few clicks.
Features include capturing and adding images created by ProDiscover, EnCase E01 files or Unix dd. The software performs as expected, as it was very easy to use, stable and effective. Two standout features are the ability to do email carving from Outlook data files and the ability to deploy a remote client that allows live forensics. It can also run in stealth mode, but requires physical access to the client. ProDiscover also includes Pearl scripting language.
The support website includes an online version of the help feature that matches the software version, a community forum and a download of the 6.1 release update. Users can provide feedback or ask for support via email or over a phone. Technology Pathways offers annual 8/5 support for a fee.*
Considering the tool's capabilities and network coverage it is easily worth the price.
*In the US. Contact regional offices for local support details.