Using ProDiscover
By: Tom Maloney
Overview
What is ProDiscover
What it can be used for
A few quick tools
A real example
ProDiscover vs. EnCase
ProDiscover IR
Applications
Conclusion
What is ProDiscover
A program, released in 2002, used to read the contents of a disk
Uses a GUI and combines older methods used through DOS to easily access and read disk drives
Reads and makes a copy of the disk's contents without altering any data
What ProDiscover is used for
Computer Forensics
View deleted files
Search for contents of a disk
Retrieve a file that was accidentally deleted
Tools
Copy image
Report
Search
Content
Internet
Events
Cluster
ProDiscover Basic vs. EnCase Enterprise
Cost
EnCase: approx. $3,000
ProDiscover: free
Both can accomplish the same things; however, each has a few different tools
EnCase Enterprise can actually read information over a network using P2P
ProDiscover needs to have a disk present to view its contents
ProDiscover IR
Able to read over a network
Cost: approx. $2,200
Able to read files with Mac OS
How can we use it
Police work
Accepted in court cases
Recover data
Conclusion
What ProDiscover Is
What it can be used for
Tools
An example of operation
ProDiscover vs. EnCase
ProDiscover IR
How we can use it