Strengths: Highly comprehensive feature set for doing live forensics across a network
Weaknesses: Could use a bit more in the support area, but that is nitpicking
Verdict: If you are looking for an over-the-network forensics tool, this is the one
SummaryProDiscover Incident Response is a tried-and-tested favourite in the forensics sector. This product focuses mostly on doing forensic analysis across the network on a computer while it is live without being detected. This allows quick and direct incident analysis either after an incident has taken place or while it is happening. With this product investigators can create images of disks, memory, or detect hidden Trojans and rootkits.
As we have found in the past, ProDiscover is fairly easy to use, and not much has changed since we last saw it. The look of the program itself is the same, with an easy-to-navigate tree structure similar to using Windows Explorer.
Most tasks are done through a few simple clicks of the mouse and data can be found quickly and easily. However, it is one of the most useful tools you will find when responding to a digital incident.
In the world of live forensics, this is a solid product. It includes many viewers that make conducting forensic investigations quick and easy. Not only does this product allow examination
of files and folders on a disk, but an investigator can also look inside internet history files and view the registry of a machine. ProDiscover IR provides the ability to be as granular as needed quickly and effectively.
The two accompanying manuals include a user guide that covers the product from A-Z, starting
at installation and going through all of its many features in great detail. It features many screenshots and offers clear step-by-step instructions. The second part of the documentation is the ProScript API manual. This helps users code scripts that can be leveraged by ProDiscover's Perl script base.
Support is based on an annual maintenance subscription and includes phone and email assistance from Technology Pathways. There is also a small support area on the website that features product downloads, a support forum and product documentation.
At a price of almost £13,000 this product seems a bit pricey for software. However, we consider it good value for money based on its ease of use and highly comprehensive feature set. Even at this price it is an order of magnitude compared to its competitors.