ProDiscover

ProDiscover is a true forensic software application. This means that the evidence gathered with ProDiscover can be used in a court of law. There are four key factors in forensic software that make the difference when it comes to court acceptance.

  1. No Data Alterations: ProDiscover will not alter any data on the disk. In accessing the data, ProDiscover accesses the suspect disk in a read-only fashion at the lowest level (disk sector reads). It is not capable of writing to the disk.
  2. Maximum Data Access: ProDiscover takes this raw data and rebuilds it into files using an internal file viewer so that you see all the data, including slack space, meta files, alternate data streams and more.
  3. Proof of Authenticity: ProDiscover generates MD5 or SHA1 hash signatures for any evidence gathered. These signatures can be used at any time to prove that the data has not been altered from its original form after it was captured.
  4. Scientific Community Verification: ProDiscover has been reviewed by several recognized forensic practitioners who have verified its accuracy.

ProDiscover has been used in both criminal and civil court cases.

Remote Capability

ProDiscover can remotely examine the disk drive of a live system in your network just as if you had removed it from the system and connected it to the forensic workstation. This allows you to check a suspect system for any compromise without losing valuable uptime. And, with ProDiscover’s stealth mode, you can perform confidential internal investigations.

Trojan and Rootkit Detection

The latest generation of Trojans and rootkits subvert the operating system to cloak themselves on your system. They alter kernel-mode system calls such as ZwQueryDirectoryFile and ZwQuerySystemInformation so that they will not be visible to any user-mode application. This means other virus or Trojan protection software will not be able to detect these Trojans. ProDiscover accesses the disk below the level of the rootkit to give you access to all the data, even files being cloaked by Trojans or rootkits. ProDiscover also uses the cloaking behavior of these Trojans and rootkits to locate them quickly: by comparing all the files ProDiscover can see to the files the suspect system can see, any cloaked files can be immediately identified.
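The comparison described above can be sketched as follows. This is an added example, not ProDiscover's code: `Entry`, `cross_view` and the two sample listings are constructed for illustration, and it assumes both views have already been exported as path and size records. It also separates out items a clean NTFS system hides from directory listings (alternate data streams, root metafiles) so they are not reported as cloaked.

```python
from collections import namedtuple

Entry = namedtuple("Entry", "path size")  # one file record from either view

# NTFS metadata files: on disk at the volume root, never returned by a listing.
NTFS_METAFILES = {"$mft", "$mftmirr", "$logfile", "$volume", "$attrdef",
                  "$bitmap", "$boot", "$badclus", "$secure", "$upcase", "$extend"}

def _key(path):
    # NTFS lookups are case-insensitive, so compare on a normalised form.
    return path.replace("/", "\\").rstrip("\\").casefold()

def _expected_invisible(key):
    # Streams ("file:stream") and root-level metafiles are absent from normal
    # listings on a clean system too; review them separately, not as cloaked.
    parts = key.split("\\")
    is_stream = len(parts) > 1 and ":" in parts[-1]
    is_metafile = len(parts) == 2 and parts[-1] in NTFS_METAFILES
    return is_stream or is_metafile

def cross_view(raw, live):
    """Compare a sector-level listing (raw) with the OS-reported one (live)."""
    raw_map = {_key(e.path): e for e in raw}
    live_map = {_key(e.path): e for e in live}
    missing = raw_map.keys() - live_map.keys()
    both = raw_map.keys() & live_map.keys()
    return {
        "cloaked": sorted(raw_map[k].path for k in missing
                          if not _expected_invisible(k)),
        "expected_invisible": sorted(raw_map[k].path for k in missing
                                     if _expected_invisible(k)),
        # Same path, different size: altered view or a write between snapshots.
        "size_mismatch": sorted(raw_map[k].path for k in both
                                if raw_map[k].size != live_map[k].size),
        # Seen only by the live OS: usually created after the raw read.
        "live_only": sorted(live_map[k].path for k in live_map.keys() - raw_map.keys()),
    }

# Constructed sample listings (not from a real case).
SAMPLE_RAW = [Entry(r"C:\Windows\System32\kernel32.dll", 100),
              Entry(r"C:\Windows\System32\drivers\hidden_drv.sys", 200),
              Entry(r"C:\$MFT", 300),
              Entry(r"C:\Users\alice\report.docx", 400),
              Entry(r"C:\Users\alice\report.docx:Zone.Identifier", 26),
              Entry(r"C:\Temp\notes.txt", 50)]
SAMPLE_LIVE = [Entry(r"c:\windows\system32\KERNEL32.DLL", 100),
               Entry(r"C:\Users\alice\report.docx", 400),
               Entry(r"C:\Temp\notes.txt", 75),
               Entry(r"C:\Temp\new.log", 10)]
```

On a live system the two listings are taken at different moments, so `size_mismatch` and `live_only` entries need a second pass before they are treated as findings.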

For further information on ProDiscover, please download the PowerPoint presentation.

ProDiscover comes in four different versions. For information on each version, please click on the links below; to compare features, please see the Comparison Chart.