The Windows Incident Response Blog is dedicated to the myriad information surrounding and inherent to the topics of IR and digital analysis of Windows systems. This blog provides information in support of my books; "Windows Forensic Analysis" (1st thru 4th editions), "Windows Registry Forensics", as well as the book I co-authored with Cory Altheide, "Digital Forensics with Open Source Tools".
Monday, August 04, 2008
ProDiscover 5 is out!
Technology Pathways announced today that ProDiscover 5.0 is now available! Updates include:
- Added the ability to investigate, extract, and report on Microsoft client email formats including Outlook and Outlook Express.
- Added the ability to read and add E01 (Expert Witness) formatted images.
- Added UNICODE support and localization for Japanese and Chinese character sets.
- Improved Microsoft Vista support for remote agent and client.
- Improved overall file I/O and Hashing performance.
- Fixed issue with random crash during content searches of specifically formatted images.
- Fixed long path issue effecting extraction of very long path items of interest from images.
If you're not a licensed user of ProDiscover, you can try out the Free Basic Version.
I've enjoyed using ProDiscover IR for a number of years now, to the point of using FTK Imager to convert EnCase .E0x files to dd format (which, apparently, I would no longer need to do) in order to open the case in ProDiscover. PD uses Perl as its scripting language, which for me, really rocks! The interface for PD 5 hasn't seen any radical changes, which is good...firing it up for the first time, I saw a lot of the familiar settings, with some additions of new ones, particularly the Email Viewer.
Labels:
analysis,
ProDiscover
Subscribe to:
Post Comments (Atom)
1 comment:
Thanks for the info. I'm looking for a good forensic platform, now that ILook has gone by the wayside. I'm downloading the basic version of PD right now to give it a go.
KP
Post a Comment