paxchallenge.blogg.se - Prodiscover forensics .aff

Storage can be done using regular HTTP, as well as imaging directly to a central HTTP server using webdav. It features a choice of binary container formats such as Zip, Zip64 and simple directories. AFF4 is geared towards very large corpuses of images. These file formats were developed independently of any specific forensics package.įull details of the format and a working implementation can be downloaded from AFF4ĪFF4 is a complete redesign of the AFF format.

2.9 Programs with no specific file format.

2.5 Rapid Action Imaging Device (RAID)'s Format.

2.3 ProDiscover Family's ProDiscover image file format.

2.2 ILook Investigator's IDIF, IRBF, and IEIF Formats.

1.3 gfzip (generic forensic zip) file format.

It is designed by Technology Pathways according NIST standards and utilizes industry standards it keeps compatibility with other tools.

It is possible to script utilizing Perl to automate data collection and analytical tasks. It can capture volatile data in RAM and in many cases can extract evidence from live computers with full disk encryption. ProDiscover allows to forensically examine live a system over a network without needing to shut it down or remove the hard drive.

The product suite is also equipped with diagnostic and evidence collection tools for corporate policy compliance investigations and electronic discovery. ProDiscover provides a rich set of features and toolkits for Computer Forensics and Incident Response. It is a complete, integrated software solution allowing to image, find, analyze, preserve, and report on any evidence contained on a computer hard drive. ProDiscover® suite of products addresses a wide range of scenarios handled by law enforcement organisations and corporate internal investigations. ProDiscover® is an affordable, quick, and easy to use solution for computer forensic needs.