F-Response Enterprise Edition v220.127.116.11.06
August 02, 2010
Agile Risk ManagementProduct:
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: A very compatible, stable and fast tool for remote forensics.
- Weaknesses: Interface could be more intuitive.
- Verdict: A powerful program that allows admins to map drives over networks for forensic analysis.
F-Response Enterprise Edition is a tool that you can use to help with some of those frustrating problems you may come across in the field. This is a live forensics tool that is used to map storage devices (hard drives, memory, and more) for easy access by other forensics tools. We tested the Windows version, but numerous other operating systems are supported, including Mac OS X and many distributions of Linux. Support for Solaris, FreeBSD and some other *nix-based operating systems is available in the consultant and enterprise editions.
This tool works by installing an agent on the target machine and thus allowing access. To prevent misuse, a password is needed for the agent. The interface has a stripped-down look. It's not as intuitive as it could be, but it gets the job done.
There are not many steps admins need to walk through to map the network drive, although users may need to adjust some things on the subject machine depending on its operating system and network settings. We tested the tool across a number of machines and had some trouble connecting to those running Windows XP and newer systems, but the friendly and professional support helped solve the problem so that we were up and running in no time.
F-Response has a slight learning curve to it, but once you're acclimated to the tool, it becomes very simple to use. We connected and found the mapped drives to behave as if they were directly connected to the local machine, with the added benefit of write blocking. F-Response creates an ideal environment for the investigator to use with other forensics tools, such as data recovery, imaging or e-discovery tools.
We had no problems mapping a drive with F-Response and then running one of our general purpose computer forensics tools to explore and take an image of it. What impressed us most was the speed at which we were able to transfer and access files. It felt more like a local drive than one mapped over the network.
This is a very straightforward product which can turn a normal forensics tool into a live forensic tool.
Sign up to our newsletters
SC Magazine Articles
- Long list of devices believed to be affected by NetUSB vulnerability
- Scammers target oil companies with sneaky attack
- CareFirst BlueCross BlueShield breached, more than one million individuals notified
- Study: Employees acknowledge risky security behavior, continue to engage in it
- Hack of airplane systems described in FBI docs raises security questions
- Hackers exploit Starbucks auto-reload feature to steal from customers
- Study: Nearly all SAP systems remain unpatched and vulnerable to attacks
- Former Nuclear Regulatory Commission employee arrested for alleged spear phishing campaign
- Millions of WordPress websites vulnerable to XSS bug
- FireEye first cybersecurity firm awarded DHS SAFETY Act certification
- Thousands of Bellevue Hospital Center patients notified of data breach
- Study: 86 percent of websites contain at least one 'serious' vulnerability
- Investigation ongoing in reported multimillion member Adult FriendFinder breach
- Report: $19M breach settlement between MasterCard, Target terminated
- FTC gives thumbs up to companies that cooperate during breach probes