- #WHAT IS PRODISCOVER BASIC PRO#
- #WHAT IS PRODISCOVER BASIC PLUS#
- #WHAT IS PRODISCOVER BASIC WINDOWS#
When you launch DFF, you first need to load an evidence file (i.e. Amongst others, DFF’s features include the ability to read RAW, EWF and AFF forensic file formats, access local and remote devices, analyse registry, mailbox and file system data and recover hidden and deleted files. The Digital Forensics Framework (DFF) is a digital forensic investigation tool and a development platform that allows you to collect, preserve and reveal digital evidence.
#WHAT IS PRODISCOVER BASIC WINDOWS#
It can be used for digital chain of custody, to access the remote or local devices, forensics of Windows or Linux OS, recovery hidden of deleted files, quick search for files’ meta data, and various other things. It can be used either by professionals or non-experts without any trouble. The tool is open source and comes under GPL License.
Voila! All of the files that were ever on the hacker’s flash drive are now available for you to see in the ProDiscver window…EVEN THE DELETED ONES!ĭeleted files will have a red X beside their names with all details about creation, modification and deleted dates.Click on path to file “Camp Mystery Case” ending in.
#WHAT IS PRODISCOVER BASIC PLUS#
Under the Content View Folder Click the Plus Sign (+) beside the word “Images”.In left menu of the main ProDiscover screen:.Eject the Flash Drive from the computer.Once the Capture successfully completes you should see this message on your screen.This is what the screen should look like: Wait a while as the image of the hacker’s flash drive is captured.Add a brief Description in the description field if you wish.Add your team name in the field for Technician Name.Leave all other fields as defaults for this window.Enter File Name for the image such as “Camp Mystery Case”.Click “ Choose Local Path” from the menu that pops up.Click the Double Arrows beside Destination field.Select the Source Drive to Be F:\3.738… …(flash drive).Click on the Action Tab in the top left corner of the screen.Enter Brief Description such as: Finding evidence to solve the summer camp hacking mystery.Enter a Project Name such as: Camp Mystery.
#WHAT IS PRODISCOVER BASIC PRO#
Click on the Pro Discover6 Basic Icon on your desktop to open ProDiscover.Using the ProDiscover Tool to retrieve deleted evidence Close all windows once you finish making your notes.Make a note of what you see (the file names and what they contain).View/ Open each of the files or folders that are on the flash drive.Double Click to Open Removable Disk F (The Flash Drive).Click on Removable Disk F.(or I or J…it may be different depending on which USB port you used on your computer).