F-Response Enterprise Edition v184.108.40.206.06
August 02, 2010
Agile Risk ManagementProduct:
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: A very compatible, stable and fast tool for remote forensics.
- Weaknesses: Interface could be more intuitive.
- Verdict: A powerful program that allows admins to map drives over networks for forensic analysis.
F-Response Enterprise Edition is a tool that you can use to help with some of those frustrating problems you may come across in the field. This is a live forensics tool that is used to map storage devices (hard drives, memory, and more) for easy access by other forensics tools. We tested the Windows version, but numerous other operating systems are supported, including Mac OS X and many distributions of Linux. Support for Solaris, FreeBSD and some other *nix-based operating systems is available in the consultant and enterprise editions.
This tool works by installing an agent on the target machine and thus allowing access. To prevent misuse, a password is needed for the agent. The interface has a stripped-down look. It's not as intuitive as it could be, but it gets the job done.
There are not many steps admins need to walk through to map the network drive, although users may need to adjust some things on the subject machine depending on its operating system and network settings. We tested the tool across a number of machines and had some trouble connecting to those running Windows XP and newer systems, but the friendly and professional support helped solve the problem so that we were up and running in no time.
F-Response has a slight learning curve to it, but once you're acclimated to the tool, it becomes very simple to use. We connected and found the mapped drives to behave as if they were directly connected to the local machine, with the added benefit of write blocking. F-Response creates an ideal environment for the investigator to use with other forensics tools, such as data recovery, imaging or e-discovery tools.
We had no problems mapping a drive with F-Response and then running one of our general purpose computer forensics tools to explore and take an image of it. What impressed us most was the speed at which we were able to transfer and access files. It felt more like a local drive than one mapped over the network.
This is a very straightforward product which can turn a normal forensics tool into a live forensic tool.
Sign up to our newsletters
SC Magazine Articles
- Microsoft report explores dangers of running expired security software
- Survey: real-time SIEM solutions help orgs detect attacks within minutes
- Android malware 'NotCompatible' evolves, spawns resilient botnet
- Vulnerabilities identified in three Advantech products
- State Department hack may be tied to White House network breach
- Operators disable firewall features to increase network performance, survey finds
- Waste no time patching Windows Schannel, OLE bugs, experts warn
- Study: 68 percent of healthcare breaches caused by loss or theft of devices, files
- Spin.com redirects to Rig Exploit Kit, infects users with malware, Symantec observes
- Upping the ante: PCI Security Standard
- Study: Third of employees use company devices for social media and online shopping
- 'DoubleDirect' MitM attack affects iOS, Android and OS X users
- Swedish appeals court nixes Assange's plea
- Critical XSS vulnerability addressed in WordPress
- The Internet of Things (IoT) will fail if security has no context