Technology Pathways ProDiscover Incident Response v7.1.0.5

Powered by SC Magazine
 

Technology Pathways ProDiscover IR v7.1.0.5 aims to provide streamlined previews, imaging and analysis of live systems.

With an increasing base of support for a number of file systems (including HFS+ in v7.0.0.3) and formatting types, ProDiscover is quickly finding its way into the toolkits of many digital investigators. ProDiscover IR 7.1.0.5 is built on a highly successful platform that has a marked history in forensic analysis. This success is attributed to many imaging, analysis and reporting features packed into the software - most notably, its ability to image remotely (with a stealth option) through a twofish-encrypted TCP/IP connection using globally unique identifiers without interrupting a live system.

The common thread for all past ProDiscover IR reviews in SC Magazine has been ease of use and flexibility, and this review is no exception. From installation to testing, we experienced few problems. The software was easy to use and the graphical user interface (GUI) was easy to navigate. With a basic understanding of forensics, one can accomplish many things with this tool. For testing, we followed all instructions in the provided manual - even though many were no-brainers owing to the intuitive nature of the GUI. ProDiscover IR was able to image and preview all advertised file systems without issue, either fixed or remotely. "Stealth mode" held true to its name as the agent was installed undetected in the target system's directory without visibility on the program bar or tray area. We also enjoyed the customizable report generator, which further added to the efficiency of this program.

The only instance where we encountered a challenge was during analysis. We experienced multiple freezes and crashes when navigating around the project tree, all of which were properly documented in crash dump files. These could have been related to the size of the memory on our test computer. In the case of our test machines, we were running Windows XP in a 32-bit configuration.

ProDiscover's ProScript highlighted this software's true potential. The ProScript Perl engine changed to Strawberry Perl in v7.1.0.0, which made it easier to use on Windows machines through the MinGW (Minimalist GNU for Windows). Technology Pathways provides basic tutorials for ProScript, which helpfully supplements and supports users who may not be so familiar with Perl. All in all, we found its operations ran parallel to its advertised functionality, albeit it was a little touchy with crashes.

Documentation that came with this product was satisfactory. Everything was easy to read and understand. The section headers and content were logically placed, direct and helpful. Support has not changed markedly from past reviews: no-cost 30-day warranty with an optional fee-based "annual software maintenance" (including software updates and telephone/email assistance) at $1,619.10. Aside from this option, the website provides an extensive knowledge base, complete with advanced tips and essential ProScript code snippets. Given the flexibility, utility and range of tools, $8,995 is reasonable for any mid- to large-sized company.

Copyright © SC Magazine, US edition


Technology Pathways ProDiscover Incident Response v7.1.0.5
 
:
Overall Rating
Verdict:
An excellent product that is streamlined and ideal for collection prior to full investigation. Again this year, ProDiscover IR is selected as SC Lab Approved.
Product Info
 
 
 
Top Stories
Photos: Global Switch opens Sydney East data centre
First stage opened, to some fanfare.
 
ATO releases long-awaited Bitcoin guidance
Everyday investors escape the tax man.
 
Why the Weather Bureau’s new supercomputer is a 'gamechanger'
IT transformation starts to reap results.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Which is the most prevalent cyber attack method your organisation faces?




   |   View results
Phishing and social engineering
  68%
 
Advanced persistent threats
  3%
 
Unpatched or unsupported software vulnerabilities
  12%
 
Denial of service attacks
  7%
 
Insider threats
  11%
TOTAL VOTES: 488

Vote