![]() Overall, we think ProDiscover IR is a good package. Fortunately, there is quite good help at the vendor's website, but we expect better from a product in this space, even if its core features are intuitive to anyone with basic forensic experience. We received no documentation, and the online help didn't work. A scripting language, complete with a perl API, is a particularly nice touch. Remote systems are easily connected and investigated, with Twofish encryption used to keep the link secure. We liked the elegant simplicity of the software, especially when creating and comparing systems against baseline images. Images are kept in a proprietary format, or in the Unix dd format, and images can also be converted between the types. Similarly, the registry can be collected and analyzed. RAM can also be captured and imaged the same way, and while none of the file analysis works (obviously, there are no files), direct examination of the data in memory can be a very useful feature. Many file systems are supported, including various Unix/Linux types, RAID systems and protected HPA disk areas. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |