What is F-Response®?
F-Response® is an easy-to-use, vendor-neutral, patented software tool that enables “Live” forensics and eDiscovery over IP networks using the examiner’s tools of choice. Physical memory, disks, and volumes of the machines under inspection appear on the examiner’s machine as locally attached, read-only devices.
F-Response provides read-only access to full physical disks, logical disks, cloud-based data, databases, and physical memory (RAM) over the network.
F-Response significantly increases the efficiency and affordability of digital forensics, incident response, data recovery, and eDiscovery efforts by presenting a means to manage the collection, preservation, and analysis process over any TCP/IP network, including the Internet.
Is F-Response Court Approved?
There is no such thing as court-approved software. Courts approve experts and their methods, and courts admit evidence. Evidence collected with F-Response® has been and continues to be used successfully in courts across the country and around the world. Because F-Response® works. Accurately. Securely. Verifiably.
How F-Response works:
F-Response creates an authenticated, read-only connection between the examiner’s computer and the computer under inspection, over the network.
Why Use F-Response?
F-Response is inexpensive, flexible, vendor neutral, and does not require extensive training. Practitioners can learn to use it in a fraction of a day, and then fully leverage their existing arsenal of tools and training. Other network-ready solutions are expensive, require considerable training to use, and force you to use the vendor's proprietary integrated analysis tool.
F-Response® term licenses are sold on an annual basis with no limitation on the number of installations or uses.
Forensically Sound & Secure: The examiner cannot alter metadata or files, or make any other change to the machine under inspection, because all write operations are silently ignored by F-Response.
Supported Platforms: Provides network accessible, authenticated, RAW, read-only drive access to most computers.
Versatile: F-Response was designed to be completely vendor neutral. If your analysis software reads a hard drive, it will work with F-Response.
Highly Efficient: F-Response maintains a small active memory (RAM) footprint and will not bog down the user’s workstation or the entity’s network.
Scriptable: A language-neutral fully scriptable JSON Web Service is available, allowing a technical user of F-Response to script actions typically initiated manually in the Management Console.
Affordable: Fixed yearly license sold in 1 and 3 year increments. No seat limits. No add-ons. No surprises.
F-Response Enterprise Edition
The Enterprise Edition of F-Response is our covert, service-based (non-GUI) version of F-Response, uniquely designed for consultants and internal corporate investigations.
What is F-Response?
F-Response is a forensic, e-discovery, and incident response connection and collection application. F-Response was designed to provide direct, read-only access to remote physical machines (disks, RAID, volumes, and memory) as well as remote cloud storage providers. In addition, F-Response provides a clean and simple optional imaging capability for collecting F-Response presented data from multiple sources.
How does F-Response work?
F-Response provides access to these remote data sources in a variety of ways. For devices, F-Response creates an AES 256-bit encrypted and compressed connection to the remote machine and presents the drives or volumes of that machine as local, read-only, physical devices on your examiner machine.
How is F-Response Enterprise different?
F-Response Enterprise is the unlimited covert subject version of F-Response. Simply put, this means that with F-Response Enterprise Edition there is no limit to the number of remote covert subjects at any given time. In addition, F-Response Enterprise deployment and connectivity were designed to be covert and efficient, allowing the investigator to access multiple machines quickly without concern for alerting the end user.
I'm a consultant, can I use F-Response Enterprise on-site at a client?
Yes! F-Response was designed by consultants for consultants. Our licensing allows you to use F-Response Enterprise while onsite at your client or while connected to them through a virtual private network. Interested in using F-Response Enterprise as part of an inexpensive Managed Services offering? Check out our complete PDF/XPS on leveraging F-Response to extend your consulting practice over the Internet.
F-Response Core Benefits
Full Live Read-Only Access, No File Level Locking
F-Response provides direct, live, read-only access to the remote target computer's disks, volumes, and in certain cases physical memory. Since all access is at the physical level, there is no file-level locking. F-Response gives you access to any and all content on the remote target, including protected system content (Registry files, Email PSTs, Database Files, etc.).
Windows, Linux, and OSX Examiner Support
F-Response includes optional installation packages, complete with GUI tools and scriptable command-line components, for Linux and Apple OSX.
Optional included Imaging capability
F-Response includes optional high-speed scriptable imaging (physical images in Expert Witness "E01" format only).
F-Response Executable and Software
F-Response Enterprise functions as a single executable ("exe") on the remote target computer that requires no drivers or installation components, as well as no reboot when deployed and started. F-Response is 100% Windows 10 tested.
Industry Standard and Regulation Compliant AES 256-bit Encryption
F-Response includes industry standard support for AES 256-bit Encryption for connections. F-Response encryption is seamless and native in all versions of F-Response.
F-Response Flexdisk Support
The Flexdisk(TM) (Patented) is a web-based disk access and representation tool. The Flexdisk uses standard web technologies (HTTPS/REST) to provide direct access to the remote target machine's logical and physical targets in both raw and logical format. The Flexdisk can be accessed and used from any modern web browser and also exposes a feature-rich and extensible application programming interface (API) accessible from any system capable of making and interpreting web queries and JSON.
F-Response Targets and Platform Support
F-Response works with all RAID disks, physical drives, logical volumes, and physical memory (32 & 64 bit Windows). In addition, F-Response Enterprise includes target executables for over ten (10+) operating system environments, including exotic hardware such as IBM AIX and Solaris. Furthermore, based on its unique vendor-neutral patented design, F-Response works with all Computer Forensics, eDiscovery, and Data Recovery software packages. Simply put, if your package reads from a hard drive, it will work with F-Response.
F-Response Licensing and Usage
F-Response Enterprise includes unlimited installations, connections, and examiners for a period of one or three year(s) from the date of purchase. Software will cease to function at the end of the license duration unless renewed. In addition, F-Response Enterprise Edition includes a license for F-Response Consultant, Field Kit Edition, and allows true many-to-many connectivity from any examiner platform.
F-Response Scripting and Programming
F-Response Enterprise Edition uses a simple JSON POST style RPC mechanism. This means that local scripting of F-Response is accessible from just about any scripting language that can send and receive HTTP POSTs with JSON data. Learn more about the F-Response API here.
F-Response Minimum Hardware Requirements (Examiner Computer)
1 Gigahertz (GHz) processor or faster, 1 Gigabyte (GB) of RAM for 32-bit or 2 GB of RAM for 64-bit systems, at least 20 Gigabytes (GB) of Disk Space.
F-Response Enterprise supports the largest array of remote target platforms including the following:
- Windows includes Windows XP, 2003, Vista, 2008, 7, 8, 10, 2012, 2016, 32-bit and 64-bit (*Physical memory is only available for 32-bit and 64-bit Windows subjects)
- Apple OSX 10.3+ (Note: SIP must be disabled in 10.13+)
- Linux includes most Linux distributions built in the last 5 years
- Solaris includes Solaris 10 on SPARC and Intel
- IBM AIX includes AIX 6.1+ on the Power processor
F-Response Enterprise supports a number of remote cloud storage platforms including the following:
- Amazon Simple Software Services (S3), Box.com for Business, Box.com for Consumers, Dropbox for Business, Dropbox for Consumers, Google Drive for Consumers, Google Mail for Consumers, GSuite, Microsoft OneDrive for Consumers, Office365 Drive
Arrange a Demonstration/Trial
Interested in trying F-Response Enterprise risk free in your environment? Use this link to contact Sales and arrange a brief GoToMeeting demonstration, after which we can schedule access to a virtual dongle on our licensing server so you can test how F-Response Enterprise performs in your environment.