F-Response Enterprise Edition v220.127.116.11.06
August 02, 2010
Agile Risk ManagementProduct:
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: A very compatible, stable and fast tool for remote forensics.
- Weaknesses: Interface could be more intuitive.
- Verdict: A powerful program that allows admins to map drives over networks for forensic analysis.
F-Response Enterprise Edition is a tool that you can use to help with some of those frustrating problems you may come across in the field. This is a live forensics tool that is used to map storage devices (hard drives, memory, and more) for easy access by other forensics tools. We tested the Windows version, but numerous other operating systems are supported, including Mac OS X and many distributions of Linux. Support for Solaris, FreeBSD and some other *nix-based operating systems is available in the consultant and enterprise editions.
This tool works by installing an agent on the target machine and thus allowing access. To prevent misuse, a password is needed for the agent. The interface has a stripped-down look. It's not as intuitive as it could be, but it gets the job done.
There are not many steps admins need to walk through to map the network drive, although users may need to adjust some things on the subject machine depending on its operating system and network settings. We tested the tool across a number of machines and had some trouble connecting to those running Windows XP and newer systems, but the friendly and professional support helped solve the problem so that we were up and running in no time.
F-Response has a slight learning curve to it, but once you're acclimated to the tool, it becomes very simple to use. We connected and found the mapped drives to behave as if they were directly connected to the local machine, with the added benefit of write blocking. F-Response creates an ideal environment for the investigator to use with other forensics tools, such as data recovery, imaging or e-discovery tools.
We had no problems mapping a drive with F-Response and then running one of our general purpose computer forensics tools to explore and take an image of it. What impressed us most was the speed at which we were able to transfer and access files. It felt more like a local drive than one mapped over the network.
This is a very straightforward product which can turn a normal forensics tool into a live forensic tool.
SC Magazine Articles
- USAA members hit with multiple phishing attacks
- Industry pros react to Cisco, Fortinet advisories after possible Snowden NSA leak
- Trust exercise: Symantec's new website security expert is reaching out to hacker community
- U.S. government extends offer to protect states from electoral cyberthreats
- Two-thirds of IT security pros surveyed expect a breach to hit their company, report
- Microsoft Office 365 hit with massive Cerber ransomware attack, report
- CEO sacked after aircraft company grounded by whaling attack
- Microsoft warns of new, self-propagating ransomware in the wild
- Wendy's POS breach 'considerably' bigger than first thought