![]() ![]() Let us first describe what we mean by a drive image copy, a disk image is a file that contains the exact same data and structure information as the original one, we can have this image through performing a sector-by sector image copy of the original disk, in this way we perform a replication of the same original disk. The first thing we need to do when conducting computer investigations is to have a copy of the suspect drive, in this tutorial Iam going to show you how to use ProDiscover basic software tool to acquire and analysis a suspect drive. The extensive online help capability and easy-to-use GUI interface make ProDiscover Forensic startup process simple and easy.Windows XP, Vista, Win 7, server 2008 (all versions)Īll Windows based file systems including FAT 12/16/32/exFAT and NTFS Dynamic disks in addition to file systems such as SUN Solaris UFS and Linux Ext 2/3/4, and Mac OSX HFS+ ProDiscover Forensic’s powerful search capability is fast and flexible, allowing a search for words or phrases anywhere on the disk, including the slack space. Hash comparison capability can be used to find known illegal files or to weed out known-good files, such as standard operating system files, by utilizing the included Hashkeeper database from the National Drug Intelligence Center. ProDiscover Forensic allows a search through the entire disk for keywords, regular expressions, and phrases with full Boolean search capability to find the necessary data. It is not possible to hide data from ProDiscover Forensic because it reads the disk at the sector level. ProDiscover Forensic can recover deleted files, examine slack space, access Windows Alternate Data Streams, and dynamically allow a preview, search, and image-capture of the Hardware Protected Area (HPA) of the disk utilizing its own pioneered technology. By using industry-best practices and a least-destructive methodology approach, ProDiscover Forensic allows the examination of files without altering valuable metadata such as last-time accessed. ProDiscover Forensic is a computer security tool that enables computer professionals to locate all of the data on a computer disk and at the same time protect evidence and create quality evidentiary reports for use in legal proceedings. The ARC Group’s next-generation solution to cyber crime is backed by industry-leader, ProDiscover. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. Archives
December 2022
Categories |