Friday, September 15, 2006

ProDiscover 4.8 is out!

Last week, I received an early announcement from Chris Brown about the release of ProDiscover 4.8, so I downloaded it to check it out.

I've already used it successfully in a preview case. I hooked up the hard drive to a write-blocker, and accessed it with ProDiscover, and it worked just fine.

There are some neat new features to 4.8, most of which will be extremely useful. For instance, you can now use ProDiscover to image the physical BIOS of the system (did anyone see the Blackhat presentation on BIOS rootkits?). Also, you can convert your .eve or .dd files to ISO format.

Finally, similar to LiveView, you can use PD to create the necessary files to launch an image in VMWare. Just so you know, though, it takes more than simply clicking an "OK" button. But to see how simple it is, check out the webinar on where Alex walks you through going from a dd image to a guest running in VMWare (go grab the WebEx Player to watch it). The webinar is instructive and very useful.

No comments: