The picture files merely opened in picture preview. The product also did not detect the presence of any steganographed files. The password-protected files were not highlighted, and the investigator would only know their status after double-clicking on the file to open it in the external application. ProDiscover found many deleted executables, directory and picture files. ProDiscover recovered more deleted files than any other program, including some files that had supposedly been wiped using a program from a well-known manufacturer. Importing the image file into the tool was so quick that it was impossible to time. ProDiscover needed around three minutes to create a forensic image of a 1GB drive. The product is pretty feature-rich, but having internal viewers as opposed to loading the applications would be a time saver. The scripts can be handy to automate tasks that are routinely performed as part of a forensic investigation. ProDiscover allows for scripting of commands using Perl script programming language. Everything needed for forensic analysis is included in one clean interface that resembles Windows Explorer.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. Archives
May 2023
Categories |