Mandiant First Response
July 11, 2006
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: Strong audit features.
- Weaknesses: Limited support and limited documentation.
- Verdict: Free audit tool that deploys agents across network computers to gather a snapshot before evidence is gathered.
First Response is a freeware audit tool and is a little difficult to use in the beginning. The interface, deploying agents and gathering data can also be a little awkward at first, but this program can be very useful once the user has a grasp on what it does and what it is capable of.
We found that after working with this product for a while, the information it gathers is reported in an organised and simple-to-read fashion.
This product has features that make it a great addition to any set of forensic and incident response toolkits. First Response is less a forensic tool and more of an audit tool. It has a console that deploys on a single computer on a network, with agents deployed across the network to gather information from connected computers.
The information gathered includes system information, current processes, services, tasks, files, issues, and registry information. After all the data has been gathered, it can then all be put into a central report in order to provide a nice snapshot of a network before any additional forensic evidence is acquired. The agents this program deploys leave a small footprint.
Once installed initially, we had no trouble deploying First Response agents on our test network and gathering information on network computers. We found this program to perform quite well and we were able to gather and analyse data in a fairly short period of time.
First Response has fairly comprehensive documentation, which is quite good for a freeware program. The user guide is a combination of a program overview and a light guide to program features. We found that the manual does a good job of explaining the program, but is fuzzy as to how to do certain things such as deploying agents and using some program features.
Since this is a program that Mandiant offers as freeware, its only support is limited to email. But being free, the program is an excellent addition to any forensic toolkit. We would recommend this for all three levels of incident-response kits.
Sign up to our newsletters
SC Magazine Articles
- Impact of Linux bug 'grinch' spans servers, workstations, Android devices and more
- House, in rush vote, passes Intelligence Authorization Act
- More than 100K WordPress sites compromised by malware due to plugin vulnerability
- U.S. accounts for most Mac OS X attacks and websites seeded with malware
- Audit shows University of Maryland security flaws remain
- Critical 'Misfortune Cookie' bug puts millions of internet-connected routers at risk
- Securing the enterprise with the five W's of access
- Exploits, mobile and cloud storage threats will plague users in 2015
- 2015 trends to watch: Data destruction, endpoint intelligence and user behavior analytics
- Former employees sue Sony, theaters drop 'The Interview'