Technology Pathways ProDiscover Incident Response 6.9
Strengths: Solid, over-the-network incident response tool that combines the right kinds of forensics with a lightweight agent at the endpoint.
Weaknesses: None that we found.
Verdict: This one is a good bet for an enterprise-wide incident response tool. It continues to be SC Lab Approved.
Summary: There are a lot of good and some not-so-good computer forensic tools. Some are commercial tools and some are open source. ProDiscover Incident Response is one of the good ones and it is just the ticket for doing exactly what its name says: incident response. One of the challenges in today's incidents is capturing forensic data from compromised computers while maintaining forensic integrity. This requires an endpoint agent, and in today's environments, that agent had better have a pretty slim footprint. ProDiscover IR is all of that.
At its heart, ProDiscover IR is a computer forensic program that analyzes computer media. However, its strength lies in its ability to do that over the network while having a minimal impact on the computer under analysis. Each of the major over-the-wire computer forensic tools has the same general capabilities. The differentiators are subtleties that vary from product to product, and ProDiscover IR has plenty of those.
The agents can be rolled out in a stealth manner to avoid calling attention to the fact that the computer is monitored. Its process can be hidden as well. The agent can run as a process or as a program and can be started automatically on boot-up.
Though a bit pricey, ProDiscover IR offers a lot of bang for the buck and is priced reasonably given that the agents are free.
Technology Pathways has first-rate support. The documentation is a paper manual with a lot of information, supplemented by a comprehensive help file, and we put it at the top of the heap.