Using ProDiscover

By: Tom Maloney
Overview
• What is ProDiscover
• What it can be used for
• A few quick tools
• A real example
• ProDiscover vs. EnCase
• ProDiscover IR
• Applications
• Conclusion
What is ProDiscover
• A program, released in 2002
• Used to read the contents of a disk
• Uses a graphical user interface (GUI)
• Combines older methods used through DOS to make it easy to access and read disk drives
• Reads and makes a copy of the disk's contents without altering any data
What ProDiscover is used for
• Computer forensics
• Viewing deleted files
• Searching the contents of a disk
• Retrieving a file that was accidentally deleted
Tools
• Copy image
• Report
• Search
• Content
• Internet
• Events
• Cluster
ProDiscover Basic vs. EnCase Enterprise
• Cost
  • EnCase: approx. $3,000
  • ProDiscover: free
• Both can accomplish the same things; however, each has a few different tools
• EnCase Enterprise can actually read information over a network using P2P
• ProDiscover needs to have the disk present to view it
ProDiscover IR
• Able to read over a network
• Cost: approx. $2,200
• Able to read files with Mac OS
How can we use it
• Police work
• Accepted in court cases
• Allows a company to delete old information so a cracker cannot find it in the back logs
• Can be used to complete a secure disk wipe
• Host computer security
• Helps ensure integrity
  • If you think a file has been destroyed or altered, you can access the original file
Conclusion
• What ProDiscover is
• What it can be used for
• Tools
• An example of operation
• ProDiscover vs. EnCase
• ProDiscover IR
• How we can use it