ProDiscover Incident Response 7.4
Strengths: Simple setup, quick imaging, great support and ease of use
Weaknesses: Trade-off of quick imaging with longer times to open specific folder/file paths
Verdict: The software is great for larger companies that have a need for the imaging and analysis of numerous computers
ProDiscover Incident Response (IR) from Technology Pathways is a computer security tool that allows users to preview, image, view, search, analyse and report. It also provides solutions for corporate policy compliance investigation, e-discovery and computer forensics. It gives the user the capability to find data on a computer, while protecting it from being altered. Reports can then be created, organised and documented.
In order to run this software, the user must have a computer that uses a 1.2 GHz processor or faster and has at least a 2GB hard drive with a minimum of 500MB of unallocated disk space. The computer must also have a CD-ROM or DVD-ROM drive, a VGA or high-resolution monitor, and a keyboard and mouse for compatible pointing. The software that this program requires is Windows 2000/2003/2008/XP/Vista/7/8. Strawberry Perl is also needed, but it is included with the installation.
To install ProDiscover IR, one uses a provided CD that contains an automated setup program that guides the user through the installation process, or one can order it online, which allows a virtual installation. The process was easy to conduct with the aid of the manual provided. The support online and over the phone allows a user with no professional training to conduct investigations efficiently and effectively. Though professional training is recommended, the program's interface makes navigation and interactivity easy for the new user.
If any questions arise, ProDiscover has a solid, free online manual that provides step-by-step instructions with visual aids. If a problem arises that is too complex, one can call the support line. A support technician will be on hand to guide the user step-by-step with clear and precise instructions to find a resolution to the problem. If the issue is not an immediate concern, one can use the tech support email address and check back on the problem later.
ProDiscover IR features an impressive array of tools to help an investigator. Some of the capabilities included are: search capabilities, automatic report generation, compressing image files and NIST requirements, and regulations regarding disk imaging tool specification 3.1.6. All of these features help the user efficiently carry out an investigation and validate investigative reports.
ProDiscover uses project-based reporting systems that log bookmarked data sets by the user. The reports are self-generated by the program, but allow the user to make comments and notes in reference to the material. The program images quickly, but on more thorough analysis of the specific aggregated data, the processing time was slower than desired.
In conclusion, the software was helpful in maintaining project organisation, while keeping a simple point-and-click GUI. Technology Pathways proved to be helpful with its website and online support systems. While the software imaged quickly, loading the information specified by the user, it processed at a slower than desired rate.
Though it may seem pricey, ProDiscover IR is a valuable investment serving as a beneficial tool to any forensic investigator.