Technology Pathways ProDiscover Incident Response v6.1
Strengths: Feature-rich, straightforward incident response forensic tool.
Weaknesses: None that we could find.
Verdict: ProDiscover IR v6.1 from Technology Pathways is a forensics powerhouse with excellent features and interface. Again this year, we make this one SC Magazine Lab Approved.
This state-of-the art digital forensics tool from Technology Pathways is out in a new release. Like previous versions, ProDiscover Incident Response v6.1 allows users to collect and analyze data from a hard drive, an image or over the network. The changes from the previous version include the removal of support for Windows 9x systems, with support of exFAT and lots of other new features.
ProDiscover does a very good job of capturing an image over a network or when directly connected to a hard drive. One of the tested hard drives had already been formatted, yet corrupted and deleted files were found. A little more than the minimum 1GB RAM is required to install the program.
There is plenty of information describing the features that are available in the most current version of ProDiscover. The quick installation guide will, as promised, quickly instruct the most unknowledgeable person on how to get started. After installation, the help file provides easy reference and points out features that are not yet available on the most current operating systems. Throughout our testing, we found all problems could be solved using the help file.
The software is extremely easy to use. The interface is intuitive and the help file walks users through each task. The learning curve is fairly low to become proficient with the program. Most features are accessible with just a few clicks.
Features include capturing and adding images created by ProDiscover, EnCase E01 files or Unix dd. The software performs as expected and is very easy to use, stable and effective. A standout feature is the tool's ability to deploy a remote client that allows live forensics. The client can also run in stealth mode, but it requires physical access to the client. ProDiscover also includes the Pearl scripting language. Another standout feature is the ability to do email carving from Outlook data files.
The support website includes an online version of the help feature (which exactly matches the software version), a community forum and a download of the 6.1 release update. Users can provide feedback or ask for support via email or over the phone. Technology Pathways offers eight-hours-a-day/five-days-a-week support for $1619.10.
Considering the tool's capabilities and network coverage, it is easily worth the $8,995.