Review: Technology Pathways ProDiscover Incident Response

ProDiscover Forensic 4.9 is a solution that is best used to analyse an entire system. It includes utilities for viewing the registry, event log and internet activity from a captured image.

For: Easy to use for a single-system forensic investigation
Against: Greater flexibility for evidence sources would help
Verdict: A solid forensic application that is above average for this kind of package

Everything needed for forensic analysis is included in one clean interface that resembles Windows Explorer.

ProDiscover allows commands to be scripted using the Perl programming language. The scripts can be handy for automating tasks that are routinely performed as part of a forensic investigation. The product is pretty feature-rich, but having internal viewers as opposed to loading external applications would be a time saver.

ProDiscover needed around three minutes to create a forensic image of a 1GB drive. Importing the image file into the tool was so quick that it was impossible to time. ProDiscover recovered more deleted files than any other program, including some files that had supposedly been wiped using a program from a well-known manufacturer.

ProDiscover found many deleted executables, directory and picture files. The password-protected files were not highlighted, and the investigator would only know their status after double-clicking on the file to open it in the external application. The product also did not detect the presence of any steganographed files. The picture files merely opened in picture preview.

Since ProDiscover is designed to read an imaged system disk rather than individual files as inputs, we were unable to test it against VMware disk files to ascertain if it would view the VMware file as a flat file or a virtual file system.

The installation was as easy as for any offering in this group. The solution installed from a downloaded file (around 100MB), which set up the ProDiscover program as well as ActivePerl for forensic scripting on the system. The licence file was copied to the program directory and the installation was done.

The help file is above average and covers most of the common usage of the product. Reading the first few sections will provide the knowledge to perform basic tasks with the system.

At a price of almost US$13,000, this product seems a little pricey for just software. However, we find it to be a good value for the money based on its ease of use and highly comprehensive feature set. Even at this price it is an order of magnitude under its competitors.
