F-Response Enterprise Edition v22.214.171.124.06
August 02, 2010
Agile Risk ManagementProduct:
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: A very compatible, stable and fast tool for remote forensics.
- Weaknesses: Interface could be more intuitive.
- Verdict: A powerful program that allows admins to map drives over networks for forensic analysis.
F-Response Enterprise Edition is a tool that you can use to help with some of those frustrating problems you may come across in the field. This is a live forensics tool that is used to map storage devices (hard drives, memory, and more) for easy access by other forensics tools. We tested the Windows version, but numerous other operating systems are supported, including Mac OS X and many distributions of Linux. Support for Solaris, FreeBSD and some other *nix-based operating systems is available in the consultant and enterprise editions.
This tool works by installing an agent on the target machine and thus allowing access. To prevent misuse, a password is needed for the agent. The interface has a stripped-down look. It's not as intuitive as it could be, but it gets the job done.
There are not many steps admins need to walk through to map the network drive, although users may need to adjust some things on the subject machine depending on its operating system and network settings. We tested the tool across a number of machines and had some trouble connecting to those running Windows XP and newer systems, but the friendly and professional support helped solve the problem so that we were up and running in no time.
F-Response has a slight learning curve to it, but once you're acclimated to the tool, it becomes very simple to use. We connected and found the mapped drives to behave as if they were directly connected to the local machine, with the added benefit of write blocking. F-Response creates an ideal environment for the investigator to use with other forensics tools, such as data recovery, imaging or e-discovery tools.
We had no problems mapping a drive with F-Response and then running one of our general purpose computer forensics tools to explore and take an image of it. What impressed us most was the speed at which we were able to transfer and access files. It felt more like a local drive than one mapped over the network.
This is a very straightforward product which can turn a normal forensics tool into a live forensic tool.
SC Magazine Articles
- Yahoo breach; State-sponsored actors suspected, at least 500 million accounts affected
- Education sector bullied by ransomware and can barely defend itself, report
- Cisco warns of exploitation of new flaws linked to Shadow Brokers exploits
- DetoxCrypto ransomware imitates Malwarebytes software
- House Committee urges Obama not to pardon Snowden
- Microsoft Office 365 hit with massive Cerber ransomware attack, report
- Hard Rock Hotel & Casino Las Vegas hit with POS breach
- X-ray and MRI machines among devices used as springboards for data breach attacks
- Brexit shakeup: How will the U.K.'s exit from the EU affect the technology sector?
- Ransomware attack almost sends NASCAR team to the garage