Mandiant First Response
July 11, 2006
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: Strong audit features.
- Weaknesses: Limited support and limited documentation.
- Verdict: Free audit tool that deploys agents across network computers to gather a snapshot before evidence is gathered.
First Response is a freeware audit tool and is a little difficult to use in the beginning. The interface, deploying agents and gathering data can also be a little awkward at first, but this program can be very useful once the user has a grasp on what it does and what it is capable of.
We found that after working with this product for a while, the information it gathers is reported in an organised and simple-to-read fashion.
This product has features that make it a great addition to any set of forensic and incident response toolkits. First Response is less a forensic tool and more of an audit tool. It has a console that deploys on a single computer on a network, with agents deployed across the network to gather information from connected computers.
The information gathered includes system information, current processes, services, tasks, files, issues, and registry information. After all the data has been gathered, it can then all be put into a central report in order to provide a nice snapshot of a network before any additional forensic evidence is acquired. The agents this program deploys leave a small footprint.
Once installed initially, we had no trouble deploying First Response agents on our test network and gathering information on network computers. We found this program to perform quite well and we were able to gather and analyse data in a fairly short period of time.
First Response has fairly comprehensive documentation, which is quite good for a freeware program. The user guide is a combination of a program overview and a light guide to program features. We found that the manual does a good job of explaining the program, but is fuzzy as to how to do certain things such as deploying agents and using some program features.
Since this is a program that Mandiant offers as freeware, its only support is limited to email. But being free, the program is an excellent addition to any forensic toolkit. We would recommend this for all three levels of incident-response kits.
SC Magazine Articles
- USAA members hit with multiple phishing attacks
- Industry pros react to Cisco, Fortinet advisories after possible Snowden NSA leak
- Trust exercise: Symantec's new website security expert is reaching out to hacker community
- Two-thirds of IT security pros surveyed expect a breach to hit their company, report
- Juniper confirms leaked "NSA exploits" affect its firewalls, no patch released yet
- Microsoft Office 365 hit with massive Cerber ransomware attack, report
- CEO sacked after aircraft company grounded by whaling attack
- Microsoft warns of new, self-propagating ransomware in the wild
- Wendy's POS breach 'considerably' bigger than first thought