afm for AFF metadata AFF is open source Guide to Computer Forensics and Investigationsħ Determining the Best Acquisition Method Garfinkel of Basis Technology Corporation Design goals Provide compressed or uncompressed image files No size restriction for disk-to-image files Provide space in the image file or segmented files for metadata Simple design with extensibility Open source for multiple platforms and OSs Guide to Computer Forensics and Investigationsĭesign goals (continued) Internal consistency checks for self-authentication File extensions include. Proprietary Formats Features offered Option to compress or not compress image files Can split an image into smaller segmented files Can integrate metadata into the image file Disadvantages Inability to share an image between different tools File size limitation for each segmented volume Guide to Computer Forensics and Investigationsĭeveloped by Dr. Raw Format Makes it possible to write bit-stream data to files Advantages Fast data transfers Can ignore minor data read errors on source drive Most computer forensics tools can read raw format Disadvantages Requires as much storage as original disk or data Tools might not collect marginal (bad) sectors Guide to Computer Forensics and InvestigationsĤ Guide to Computer Forensics and Investigations Three formats Raw format Proprietary formats Advanced Forensics Format (AFF) Guide to Computer Forensics and Investigationsģ Guide to Computer Forensics and Investigations Verdict: Fully functional network-based IT forensics tool with the ability of gathering evidence remotely across a network at an attractive price.1 Guide to Computer Forensics and Investigations Fourth EditionĢ Understanding Storage Formats for Digital Evidence
#Prodiscover basic. full
Against: Requires some experience with tools of this nature to get the full benefit.
#Prodiscover basic. plus
We rate this product as our best buy in the computer forensics product class.įor: All the basic forensic tools plus incident response. The features of a fully capable network-based computer forensics tool, along with the ability to gather evidence remotely make it excellent value. This product is excellent value – comparable products are far more expensive.
#Prodiscover basic. how to
Technology Pathways offers in-depth support on its website, including how to contact support via phone and email as well as an online forum. Remote agents are very small footprint.ĭocumentation is well laid-out with clear explanations of all the program features. We also found that it was quite efficient, with fast and accurate imaging. Once we became familiar with the layout of the interface, we found it was a powerful tool – able to fully image both the disk on our forensics test disk and a disk on a computer on our network. The program performed well under our tests. All its features are built into one main interface that is quite task-efficient with all functionality in one place. It features all the basic IT forensic capabilities – full disk imaging, an ability to find hidden data, file metadata information, and hash-keeping, as well as gather data on disks across an entire network. The product combines features for computer forensics with tools for complete incident response. The user interface is laid out much like other products in this category, and we could navigate around it with barely any trouble at all. Its complexity and granularity mean the user must have some experience of working with a program of this nature, but we quickly found ourselves moving through it with little trouble. This is an invaluable capability in an incident. Other capabilities include the remote analysis of running processes, open files, open ports and services, and other network-based functions. ProDiscover IR is a complete IT forensic tool that can access computers over the network (with agents installed) to enable media analysis, image acquisition and network behaviour analysis.