ProDiscover Basic (Lab)

1. Install ProDiscover Basic.

  • Open or from BB, and extract all the contents to the destination where you want to install. Select one of the files depending on whether your PC runs a 32-bit or 64-bit operating system; to check, for example, go to Computer on the Desktop (your computer) and click Properties.
  • After the installation, right-click ProDiscoverRelease8202Basicx86.exe or ProDiscoverRelease8202Basicx64.exe and click Run as administrator to begin installing ProDiscover Basic.
  • Follow the installer's directions.

2. Securely wipe your USB drive before using it for our in-class lab. Note that secure wiping can also be used as an anti-forensics technique.

A. Right-click the ProDiscover Basic desktop icon to open it.

B. In the Launch Dialog box, click Tools, Secure Wipe from the ProDiscover menu.

C. In the Secure Wipe Disk box, click the Disk to Wipe list arrow, and click the drive letter that belongs to the USB drive (not your main C or D drive). Otherwise, you will delete all your critical data.

D. In the Number of Passes list box, type 2, and then click Start to begin the process.

3. Simulate seizing digital evidence (the downloaded in-class lab files) on the USB drive: use ProDiscover Basic to image the drive and build a ProDiscover Basic .eve image that can be searched for existing or deleted files.

  • Insert the USB drive containing evidence into your computer.
  • Create a folder called IASP-530 Labs in your C drive.
  • Double-click the ProDiscover Basic desktop icon. Click Action, Capture Image from the menu.
  • In the Capture Image dialog box, click the Source Drive list arrow, and then click the drive letter for the USB drive.
  • Click the double arrow button next to the Destination text box, click Choose Local Path, and navigate to and click the C:Labs folder. In the Save As dialog box, type LabProj1 to save it.
  • In the Capture Image dialog box, type your name and LabProj1 in the Image Number text box.
  • When the imaging is finished, click OK. Then confirm that the LabProj1.eve image has been created. Take a snapshot to submit with the Lab 1 report.

4. Convert the ProDiscover Basic .eve image to a .dd image that can be viewed by any tool (e.g., FTK Imager).

A. Double-click the ProDiscover Basic desktop icon, click Tools on the menu, point to Image Conversion Tools, and then click Convert ProDiscover Image to “DD”.

B. In the Convert ProDiscover Image to “DD” Image dialog box, click the Browse button, navigate to and click the C:Labs folder, and then click the LabProj1.eve file for conversion (you can convert it to the same or a different directory).

C. Click OK. When the conversion is finished, check that the LabProj1.dd image has been created. Take a snapshot for the report.

5. Analyze the USB drive (using the InChp01-prac file after unzipping it) that was delivered by George’s manager and has already been imaged as an .eve file. Search for evidence of whether George is making extra income using the company’s property. George, however, claims that he would have done this work on his own laptop. Given that claim, what else can be used to refute his statement? Find and present the appropriate evidence to refute his claim.

Plus, take snapshots of all generated files while performing steps 2, 3, 4 and 5.

What is your observation? Write two or three paragraphs and upload them as a Word file.