Difference between revisions of "ProDiscovery"

From ForensicsWiki
Jump to: navigation, search
 
m (Reverted edits by GueIak (Talk); changed back to last version by Pw)
 
(3 intermediate revisions by 2 users not shown)
Line 1: Line 1:
 +
=ProDiscovery=
 +
 +
This tool from Tech Pathways will gather data from most major file systems and perform some analysis.
 +
 +
[http://www.techpathways.com/ProDiscoverDFT.htm website]
 +
 +
  
  
Line 4: Line 11:
  
 
==File Systems Understood==
 
==File Systems Understood==
 +
 +
* FAT12, FAT16, FAT32
 +
* NTFS
 +
* Solaris UFS
 +
* Linux ext2/ext3
  
 
==File Search Facilities==
 
==File Search Facilities==
 +
 +
* Uses a set of Perl scrypts.
  
 
==Historical Reconstruction==
 
==Historical Reconstruction==
Line 22: Line 36:
 
==Evidence Collection Features==
 
==Evidence Collection Features==
  
Can it sign files? Does it keep an audit log?
+
* Generates an XML-based report about the analysis.
  
=History=
 
  
Originally written in (YEAR), it has now developed into a Forensic Edition and an Enterprise Edition.
+
=History=
  
 
==License Notes==
 
==License Notes==
  
Is it commercial or open source? Are there other licensing options?
+
Commercial.
 +
 
 +
"Each single end-user license purchased of ProDiscover® entitles a single user the right to use the ProDiscover® software. Copies of ProDiscover® may be installed on up to three machines provided, however, that only one copy is in use at any given time. ProDiscover® installations may also be moved as needed. See the ProDiscover® End-User License Agreement for details. Site and Enterprise licenses are also available for ProDiscover®."
  
 
= External Links =
 
= External Links =
  
EnCase Homepage - http://www.guidancesoftware.com/lawenforcement/ef_index.asp
+
[http://www.techpathways.com/ProDiscoverDFT.htm website]
 +
 
  
 
==External Reviews==
 
==External Reviews==

Latest revision as of 23:36, 10 June 2007

ProDiscovery

This tool from Tech Pathways will gather data from most major file systems and perform some analysis.

website



Features

File Systems Understood

  • FAT12, FAT16, FAT32
  • NTFS
  • Solaris UFS
  • Linux ext2/ext3

File Search Facilities

  • Uses a set of Perl scrypts.

Historical Reconstruction

Can it build timelines and search by creation date?

Searching Abilities

Can it search? Does it build an index? Can it focus on file types or particular kinds of metadata?

Hash Databases

Can it create hashes of files and/or blocks? Can it compare these hash values to any databases? What sort of hash functions does it use?

Evidence Collection Features

  • Generates an XML-based report about the analysis.


History

License Notes

Commercial.

"Each single end-user license purchased of ProDiscover® entitles a single user the right to use the ProDiscover® software. Copies of ProDiscover® may be installed on up to three machines provided, however, that only one copy is in use at any given time. ProDiscover® installations may also be moved as needed. See the ProDiscover® End-User License Agreement for details. Site and Enterprise licenses are also available for ProDiscover®."

External Links

website


External Reviews