ProDiscover IR v4.9
Strengths: A solid over-the-network computer forensics and incident response tool.
Weaknesses: We would like somewhat more extensive documentation to help users really exploit the power of the product.
Verdict: If you need an over-the-network forensics tool at an affordable price, this is just the ticket. Recommended.
ProDiscover Incident Response is an over-the-network computer forensics tool. It connects to any computer that has the ProDiscover agent and performs a suite of forensic tests that can be scripted using ProScript, a variant of Perl. We like this product's flexibility and simplicity. For example, using Perl as the basis for ProScript makes sense because many information security and IT professionals are already proficient in Perl. The simple console-to-agent connection also keeps the product less complex and less costly than more complicated over-the-network acquisition schemes.
ProDiscover has kept the same solid user interface for years, and of all the computer forensic products we tested, we found this one the easiest to use.
We thought that the product's true power comes from its use of ProScript. We have scripted common requirements such as periodic remote acquisition and analysis, as well as more exotic ones such as performing vulnerability analysis during a forensic scan. ProScript is remarkably robust and flexible.
ProDiscover IR does a lot more than collect images or parts of images from remote computers. It can collect volatile data such as open and hidden files, running processes and open ports. It has the ability to run ongoing hash comparisons that help spot changes to critical files. Additionally, it can perform full live forensic analysis over the network.
The product is capable of handling most common file systems, including those of Windows, Linux and Solaris Unix. It accepts DD images and can image RAM. You can also use it to capture and analyse the Windows registry. In general, this is a powerful incident response and proactive forensics tool. The agent footprint is extremely small, and we have performed some types of analysis over the internet, which is far more difficult than performing analysis over a LAN.
At £7,995 for the complete over-the-network product, ProDiscover IR is a very good buy. Support is solid, although it is an extra cost. Documentation is good, though not as extensive as we would like. For its very high value, ease of use and solid functionality, we award ProDiscover IR our Recommended rating.