Mandiant First Response
July 11, 2006
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: Strong audit features.
- Weaknesses: Limited support and limited documentation.
- Verdict: Free audit tool that deploys agents across network computers to gather a snapshot before evidence is gathered.
First Response is a freeware audit tool and is a little difficult to use in the beginning. The interface, deploying agents and gathering data can also be a little awkward at first, but this program can be very useful once the user has a grasp on what it does and what it is capable of.
We found that after working with this product for a while, the information it gathers is reported in an organised and simple-to-read fashion.
This product has features that make it a great addition to any set of forensic and incident response toolkits. First Response is less a forensic tool and more of an audit tool. It has a console that deploys on a single computer on a network, with agents deployed across the network to gather information from connected computers.
The information gathered includes system information, current processes, services, tasks, files, issues, and registry information. After all the data has been gathered, it can then all be put into a central report in order to provide a nice snapshot of a network before any additional forensic evidence is acquired. The agents this program deploys leave a small footprint.
Once installed initially, we had no trouble deploying First Response agents on our test network and gathering information on network computers. We found this program to perform quite well and we were able to gather and analyse data in a fairly short period of time.
First Response has fairly comprehensive documentation, which is quite good for a freeware program. The user guide is a combination of a program overview and a light guide to program features. We found that the manual does a good job of explaining the program, but is fuzzy as to how to do certain things such as deploying agents and using some program features.
Since this is a program that Mandiant offers as freeware, its only support is limited to email. But being free, the program is an excellent addition to any forensic toolkit. We would recommend this for all three levels of incident-response kits.
Sign up to our newsletters
SC Magazine Articles
- Long list of devices believed to be affected by NetUSB vulnerability
- Scammers target oil companies with sneaky attack
- CareFirst BlueCross BlueShield breached, more than one million individuals notified
- Study: Employees acknowledge risky security behavior, continue to engage in it
- Hack of airplane systems described in FBI docs raises security questions
- Hackers exploit Starbucks auto-reload feature to steal from customers
- Study: Nearly all SAP systems remain unpatched and vulnerable to attacks
- Former Nuclear Regulatory Commission employee arrested for alleged spear phishing campaign
- Millions of WordPress websites vulnerable to XSS bug
- FireEye first cybersecurity firm awarded DHS SAFETY Act certification
- Thousands of Bellevue Hospital Center patients notified of data breach
- Study: 86 percent of websites contain at least one 'serious' vulnerability
- Investigation ongoing in reported multimillion member Adult FriendFinder breach
- Report: $19M breach settlement between MasterCard, Target terminated
- FTC gives thumbs up to companies that cooperate during breach probes