ProDiscover® Forensics is a powerful computer security tool that enables computer professionals to find all the data on a computer disk while protecting evidence and creating evidentiary quality reports for use in legal proceedings.

Features and Benefits:

  • Create Bit-Stream copy of disk to be analyzed, including hidden HPA section (patent pending), to keep original evidence safe.
  • Search files or entire disk including slack space, HPA section, and Windows NT/2000/XP Alternate Data Streams for complete disk forensic analysis.
  • Preview all files, even if hidden or deleted, without altering data on disk, including file Metadata.
  • Maintain multi-tool compatibility by reading and writing images in the pervasive UNIX® dd format and reading images in E01 format.
  • Support for VMware to run a captured image.
  • Examine and cross reference data at the file or cluster level to insure nothing is hidden, even in slack space.
  • Automatically generate and record MD5, SHA1 or SHA256 hashes to prove data integrity.
  • Utilize user provided or National Drug Intelligence Center Hashkeeper database information to positively identify files.
  • Examine FAT12, FAT16, FAT 32 and all NTFS file systems including Dynamic Disk and Software RAID for maximum flexibility.
  • Examine Sun Solaris UFS file system and Linux ext2 / ext3 file systems.
  • Integrated thumbnail graphics, internet history, event log file, and registry viewers to facilitate investigation process.
  • Integrated viewer to examine .pst /.ost and .dbx e-mail files.
  • Utilize Perl scripts to automate investigation tasks.
  • Extracts EXIF information from JPEG files to identify file creators.
  • Automated report generation in XML format saves time, improves accuracy and compatibility.
  • GUI interface and integrated help function assure quick start and ease of use.
  • Designed to NIST Disk Imaging Tool Specification 3.1.6 to insure high quality.

Download ProDiscover Basic [Free edition]

Permanent link to this article: