Technology Pathways Releases Freeware Forensic Software

Technology Pathways, LLC announced today the release of ProDiscover® Basic, a new freeware version of the ProDiscover Family of Computer Forensic Software…ProDiscover Basic provides a complete computer forensic solution including the ability to collect, preserve, analyze, and report on computer evidence.

“We want to help the smaller law enforcement departments and agencies that need computer forensics capability, but can’t afford it,” stated Steve Richardson, President & CEO of Technology Pathways. “We also see a large need by colleges and universities for a tool to help teach forensics in the classroom.”

ProDiscover Basic is an easy-to-use, GUI-based, complete forensic package. It utilizes the same court-accepted capability to image computer disk drives, create hash signatures for authenticity verification, perform comprehensive analysis, and create comprehensive reports as the rest of the ProDiscover family. “While it doesn’t include all the features of the rest of the product family, ProDiscover Basic can be used to work a complete case,” according to Christopher L.T. Brown, founder and CTO of Technology Pathways. “It will be a helpful tool to all forensics practitioners.”

ProDiscover Basic can operate on virtually all Windows-based file systems and is limited to operating on locally attached disks and image files. It can recover deleted files, search unallocated and slack space for hidden evidence, and read and write dd images for compatibility with other forensic tools. ProDiscover Basic can even wipe used disk drives to prepare them to store evidence and avoid cross-contamination. With its extensive integrated help capability and an electronic copy of the user manual, ProDiscover Basic is easy to use for computer forensic practitioners.


To be effective, computer forensic practitioners require training. Practitioners should be trained in the basics of evidence handling, such as preserving the chain of evidence, and should have extensive computer knowledge before using any computer forensic tool. Training for computer forensics is already available from many sources including SANS, HTCIA, IACIS, and many universities and colleges. ProDiscover Basic training will also be made available from a wide range of sources.

ProDiscover Basic is available for download from the Resource Section of the Technology Pathways web site at www.techpathways.com. It is licensed to be freely used and shared, but may not be resold for profit. Details of the end user license are included with the downloaded code.

Technology Pathways, LLC is a leading-edge provider of computer and network security tools and services for the corporate IT, government, education, and legal communities. The ProDiscover® family of products provides affordable software solutions in the areas of computer forensics, incident response, system auditing, internal investigations and electronic discovery. Our CISSP-certified consultants provide security, forensic and discovery services to corporations and law firms. Technology Pathways products and services are utilized nationally by major corporations and government agencies.
