A previous favorite returns once again in the over-the-network forensics category. Technology Pathways ProDiscover Incident Response (IR) v5.5 offers a clean interface and a strong forensics feature set. The product has all the traditional forensic capabilities, but it really shines when those features are carried out over-the-network. Additionally, the tool's integrated ProScript functionality allows investigators to quickly initiate common tasks, as well as not so common tasks, easily and efficiently.
Pushing out the tool's remote agent makes deployment as simple as possible. Additionally, this agent can be set to run in stealth mode in order to avoid tipping anybody off. Once deployed, the agent allows for the collection and analysis of numerous types of data. Of course, a full image of the target can be acquired as well. It is also worth noting that the live analysis now supports capturing RAM in Windows Vista and Server 2008. Another addition we like is the ability to search via pattern matching wildcards.
The built-in viewers and logical evidence structure make the tool easy to use. It is well suited for the investigative process.
The manuals are comprehensive and in-depth. Although many of the functions are self-explanatory, the documentation provides step-by-step instructions for a large number of tasks. Additionally, there is a guide to help users begin to code for the ProScript interface.
Support is still fee-based, and there is no option for a web-based solution. The website houses a forums section, as well as product documentation and downloads.
With a price of $12,995, this product is at the top of the range for software. Despite this, there is no doubt that the product is a great value. Any product that can provide as many features in such a logical manner as ProDiscover IR is well worth the price.