Product Information

Mandiant First Response

starstarstarstar

by Peter Stephenson July 11, 2006
Vendor:

MANDIANT

Product:

Mandiant First Response

Website:

http://www.mandiant.com

Price

Free

RATING BREAKDOWN

  • Features:
    starstarstarstar
  • Ease of Use:
    starstarstar
  • Performance:
    starstarstarstar
  • Documentation:
    starstarstar
  • Support:
    starstarstar
  • Value for Money:
    starstarstarstarstar
  • Overall Rating:
    starstarstarstar

QUICK READ

  • Strengths: Strong audit features.
  • Weaknesses: Limited support and limited documentation.
  • Verdict: Free audit tool that deploys agents across network computers to gather a snapshot before evidence is gathered.

First Response is a freeware audit tool and is a little difficult to use in the beginning. The interface, deploying agents and gathering data can also be a little awkward at first, but this program can be very useful once the user has a grasp on what it does and what it is capable of.

We found that after working with this product for a while, the information it gathers is reported in an organised and simple-to-read fashion.

This product has features that make it a great addition to any set of forensic and incident response toolkits. First Response is less a forensic tool and more of an audit tool. It has a console that deploys on a single computer on a network, with agents deployed across the network to gather information from connected computers.

The information gathered includes system information, current processes, services, tasks, files, issues, and registry information. After all the data has been gathered, it can then all be put into a central report in order to provide a nice snapshot of a network before any additional forensic evidence is acquired. The agents this program deploys leave a small footprint.

Once installed initially, we had no trouble deploying First Response agents on our test network and gathering information on network computers. We found this program to perform quite well and we were able to gather and analyse data in a fairly short period of time.

First Response has fairly comprehensive documentation, which is quite good for a freeware program. The user guide is a combination of a program overview and a light guide to program features. We found that the manual does a good job of explaining the program, but is fuzzy as to how to do certain things such as deploying agents and using some program features.

Since this is a program that Mandiant offers as freeware, its only support is limited to email. But being free, the program is an excellent addition to any forensic toolkit. We would recommend this for all three levels of incident-response kits.

Related Group Test

Sign up to our newsletters

RECENT COMMENTS

FOLLOW US