1. By: Tom Maloney

2. Overview What is ProDiscover What it can be used for A few quick tools A real example ProDiscover vs. ENCASE ProDiscover IR Applications Conclusion

3. What is ProDiscover A program, released in 2002 Used to read the contents of a disk Uses a GUI interface Combines older methods used through DOS to easily access and read disk drives Reads and makes a copy of the disk’s contents without altering any data

4. What ProDiscover is used for Computer Forensics View Deleted files Search for contents of a disk Retrieve a file that was accidentally deleted

5. Tools Copy image Report Search Content Internet Events Cluster

10. ProDiscover Basic vs. ENCASE Enterprise Cost Encase-Approx $3,000 Pro Discover- Free Can accomplish the same things however each has a few different tools ENCASE Enterprise can actually read information over a network using P2P Pro Discover needs to have a disk present to view

11. ProDiscover IR Able to read over a network Cost- Approx- $2200 Able to read files with MAC OS

12. How can we use it Police work Accepted in court cases Allows For a company to delete old information so a cracker can not find it in the back logs Can be used to complete a secure disk wipe Host Computer Security Helps insure integrity If you think a file has been destroyed or altered you can access the original file

13. Conclusion What ProDiscover Is What it can be used for Tools An example of operation ProDiscover vs. Encase ProDiscover IR How we can use it

14. Citations Torres, Erik. "ProDiscover6_Brief_Tutorial." YouTube. YouTube, 11 Nov. 2011. Web. 06 Oct. 2013. "ProDiscover® Forensics - Disk Forensics Tool." ProDiscover® Forensics - Disk Forensics Tool. N.p., n.d. Web. 06 Oct. 2013. "Computer Forensic Software - Encase Forensic." Computer Forensic Software - Encase Forensic. N.p., n.d. Web. 06 Oct. 2013.