ProDiscover Incident Response (IR) is a tried and true favorite in the forensics sector. This product focuses mostly on doing forensic-based analysis across the network on a computer while it is live -- without being detected. This allows quick and direct incident analysis, either after an incident has taken place or while it is happening. With this product, investigators can create images of disks and memory, or detect hidden trojans and rootkits.
As we have found in the past, this product is fairly easy to use and not much has changed since the last time we saw it. The look of the program itself is the same. It has an easy-to-navigate tree structure similar to using Windows Explorer. Most tasks are done by a few simple clicks of the mouse and data can be found quickly and easily. However, it is one of the four most useful tools you will find when responding to a digital incident.
In the world of live forensics, this is a solid product. It includes many viewers that make doing forensic investigations quick and easy. Not only does this product allow examination of files and folders on a disk, but an investigator can also look inside internet history files and view the registry of a machine. ProDiscover IR provides the ability to be as granular as needed quickly and effectively.
This product comes with two manuals. The first is a user manual. This piece of documentation covers the product from A-Z starting at installation and going through, in great detail, all of its many features. This manual also features many screen shots and clear step-by-step instructions. The second manual is the ProScript API manual. This guide helps user’s code scripts, which can be leveraged by ProDiscover’s Perl script base.
Support for this product is based on an annual maintenance subscription and includes phone and email support from Technology Pathways. There is also a small support area on the website, which includes product downloads, a support forum and product documentation.
At a price of almost $13,000, this product seems a little pricey for just software. However, we find it to be a good value for the money based on its ease of use and highly comprehensive feature set. Even at this price it is an order of magnitude under its competitors.