ProDiscover® Forensics is a powerful computer security tool that enables computer professionals to find all the data on a computer disk while protecting evidence and creating evidentiary quality reports for use in legal proceedings.
Features and Benefits:
- Create Bit-Stream copy of disk to be analyzed, including hidden HPA section (patent pending), to keep original evidence safe.
- Search files or entire disk including slack space, HPA section, and Windows NT/2000/XP Alternate Data Streams for complete disk forensic analysis.
- Preview all files, even if hidden or deleted, without altering data on disk, including file Metadata.
- Maintain multi-tool compatibility by reading and writing images in the pervasive UNIX® dd format and reading images in E01 format.
- Support for VMware to run a captured image.
- Examine and cross reference data at the file or cluster level to insure nothing is hidden, even in slack space.
- Automatically generate and record MD5, SHA1 or SHA256 hashes to prove data integrity.
- Utilize user provided or National Drug Intelligence Center Hashkeeper database information to positively identify files.
- Examine FAT12, FAT16, FAT 32 and all NTFS file systems including Dynamic Disk and Software RAID for maximum flexibility.
- Examine Sun Solaris UFS file system and Linux ext2 / ext3 file systems.
- Integrated thumbnail graphics, internet history, event log file, and registry viewers to facilitate investigation process.
- Integrated viewer to examine .pst /.ost and .dbx e-mail files.
- Utilize Perl scripts to automate investigation tasks.
- Extracts EXIF information from JPEG files to identify file creators.
- Automated report generation in XML format saves time, improves accuracy and compatibility.
- GUI interface and integrated help function assure quick start and ease of use.
- Designed to NIST Disk Imaging Tool Specification 3.1.6 to insure high quality.