How to start ProDiscover Incident Response

Most digital forensics analysis software needs to be customized before a case is loaded. Computer forensics software is completely customizable, depending on the case. Here I will demonstrate how to make these changes in ProDiscover to create a strong forensics case.

Just double-click the ProDiscover icon on the system. Left-click on “Project Number”. Type your forensics case number as & project file name as.

People often ask what the standard evidence number and the standard forensics project file name should be; here is the solution. PIRCUSTOM (ProDiscover custom) is the name I have given. Normally it should be the case initials, i.e. the client name or forensics case reference, e.g. (Fraud Investigation, Espionage). 001: it is the first case for the respective client. If a new scenario comes into the picture during the investigation, it will be 002.

Here I have selected the MD5 hash algorithm, as it takes very little time for verification.

Auto verify checksum: this increases project load time, as it verifies the evidence against its checksum. Warning: Turning on “Auto Verify Image Checksum” will cause image addition and project loading to become very slow.

ProDiscover uses a “Working Folder” to persist temporary files during investigation operations such as generating hash values. By default the “Working Folder” is set to the current user's Documents and Settings temporary folder. Users may select any desired location as the ProDiscover “Working Folder”. Select an appropriate path on the system for the working folder.

The “When a disk/image cannot be found while opening the project:” setting is primarily intended for users doing remote investigations. This setting is known as “offline project mode” and includes the choices “Prompt Me”, “Add as Offline”, and “ignore”. When the user is working on a remote system investigation, you can add and save search results and the project report to the project file.

We also need to choose the maximum file size to be carved from the evidence image or drive. The default max. size of file carving in ProDiscover is 2 MB.

Click on “Office X files as folders”; this setting is for MS-Office files based on 2007, 2010, 2013 and so on.

Click on “Compressed files as folders”.

“PDServer” is a menu available only in ProDiscover Incident Response. Here you can set the default port number used to communicate disk access. The investigator can customize this port number to suit the network environment. The “Server Time-out” setting tells ProDiscover how long to wait without receiving packets before trying to reestablish communications with the PDServer Remote Agent. The “Auto Retries” setting tells ProDiscover how many times to automatically attempt to reestablish communications after a “Server Time-out” has occurred.

As with other forensics analysis software, we can also customize the appearance of ProDiscover.