ProDiscover Incident Response
Strengths: All the basic forensic tools plus incident response.
Weaknesses: Requires some experience with tools of this nature to get the full benefit.
Verdict: Fully functional network-based IT forensics tool with the ability to gather evidence remotely across a network at an attractive price.
ProDiscover IR is a complete IT forensic tool that can access computers over the network (with agents installed) to enable media analysis, image acquisition and network behaviour analysis.
Other capabilities include the remote analysis of running processes, open files, open ports and services, and other network-based functions. This is an invaluable capability in an incident.
ProDiscover IR is fairly easy to use. Its complexity and granularity mean the user must have some experience of working with a program of this nature, but we quickly found ourselves moving through it with little trouble. The user interface is laid out much like those of other products in this category, and we could navigate around it easily.
The product combines features for computer forensics with tools for complete incident response. It features all the basic IT forensic capabilities: full disk imaging, the ability to find hidden data, file metadata information and hash-keeping, as well as the ability to gather data from disks across an entire network. All its features are built into one main interface, which is quite task-efficient because all functionality is in one place.
The program performed well under our tests. Once we became familiar with the layout of the interface, we found it was a powerful tool, able to fully image both our forensics test disk and a disk on a computer on our network.
We also found that it was quite efficient, with fast and accurate imaging. The remote agents have a very small footprint.
Documentation is well laid-out with clear explanations of all the program features. Technology Pathways offers in-depth support on its website, including how to contact support via phone and email as well as an online forum.
This product is excellent value: comparable products are far more expensive, yet it combines the features of a fully capable network-based computer forensics tool with the ability to gather evidence remotely. We rate this product as our best buy in the computer forensics product class.