Incident Verification and System Auditing Tool
ProDiscover™ Incident Response enables you to quickly and thoroughly examine a live system operating anywhere on your network. When used as part of an incident response procedure or as part of a routine system audit, ProDiscover Incident Response enables you to determine if that system has been compromised and allows you to gather the evidence needed to prove it.
In addition to being a full client-server application that allows live disk preview, imaging and analysis, ProDiscover IR includes advanced tools for incident response to cyber attacks.
Features and Benefits:
Quickly verify if your system has been compromised without taking the system down.
Create a bit-stream copy of any compromised system to enable you to quickly restore the system without losing valuable evidence.
Analyze remote systems over the network eliminating the need to hire expensive staff in remote locations.
Access the suspect system's disk at the sector level, revealing all files even if the suspect system has been compromised by a Trojan or rootkit.
Search the entire disk, including slack space, Windows NT/2000/XP Alternate Data Streams and even the HPA section (patent pending), for complete system integrity.
Find files and processes that cannot be seen by suspect system O/S.
Create system baseline for later comparison to uncover altered files.
Utilizes user-provided or National Drug Intelligence Center Hashkeeper database information to positively identify all system files.
User-selectable 256-bit Twofish encryption protects data transfers and remote system access.
GUI interface and integrated help function assure quick start and ease of use.
Examine FAT12, FAT16, FAT32 and all NTFS file systems, including Dynamic Disk and Software RAID, for maximum flexibility.
Examine Sun Solaris UFS and Linux Ext2/3 file systems.
Integrated graphics thumbnail viewer and registry viewer.
Extracts EXIF information from JPEG files to identify file creators.
If you suspect that your system has been compromised or if you perform regular system audits, you need to thoroughly examine systems without taking your network down. ProDiscover™ Incident Response will enable you to quickly, and with certainty, determine the integrity of your system while it is still on-line, performing its normal operations.
ProDiscover™ Incident Response utilizes an agent that runs on the suspect system to read the disk at the bit level. This enables ProDiscover™ Incident Response to work around the suspect system's O/S and examine all files, even if they are hidden by Trojans or rootkits. It also prevents any valuable metadata, such as last time accessed, from being altered. ProDiscover™ Incident Response can search the suspect system for over 400 known Trojans or rootkits. And, to ensure the integrity of the O/S, ProDiscover™ Incident Response can examine all files and compare their hash signatures to the signatures of known good files from a user-provided baseline or from the National Drug Intelligence Center Hashkeeper database. ProDiscover™ Incident Response allows system administrators to be sure that they uncover any compromised files in the least intrusive manner.
If the system has been compromised, ProDiscover™ Incident Response allows the system administrator to make a bit stream image of the disk for later analysis and restore the system to proper working order to get it back on-line quickly. The off-line analysis of the data is easy and allows evidentiary quality data to be provided to law enforcement agencies.
System Requirements:
800 MHz or higher Pentium-compatible CPU
256 MB RAM (512 MB recommended)
25 MB available hard-disk space
CD-ROM or DVD-ROM drive
VGA or higher resolution monitor
Keyboard and Mouse (or compatible pointing device)
License: Each single end-user license purchased of ProDiscover™ entitles a single user the right to use the ProDiscover™ software. Copies of ProDiscover™ may be installed on up to three machines provided, however, that only one copy is in use at any given time. ProDiscover™ installations may also be moved as needed. See the ProDiscover™ End-User License Agreement for details. Site and Enterprise licenses are also available for ProDiscover™.