What is F-Response®?
F-Response® is an easy to use, vendor neutral, patented software tool that enables “Live” forensics and eDiscovery over IP networks using the examiner’s tools of choice. Physical memory, disks, and volumes of the machines under inspection appear on the examiner’s machine as locally attached, read-only devices.
F-Response provides read-only access to full physical disks, logical disks, Cloud-based data, Databases and physical memory (RAM) over the network.
F-Response significantly increases the efficiency and affordability of digital forensics, incident response, data recovery, and eDiscovery efforts by presenting a means to manage the collection, preservation, and analysis process over any TCP/IP network, including the Internet.
Is F-Response Court Approved?
There is no such thing as court-approved software. Courts approve experts and their methods, and courts admit evidence. Evidence collected with F-Response® has been and continues to be used successfully in courts across the country and around the world. Because F-Response® works. Accurately. Securely. Verifiably.
How F-Response works:
F-Response creates an authenticated, read-only connection between the examiner’s computer and the computer under inspection, over the network.
Why Use F-Response?
F-Response is inexpensive, flexible, vendor neutral, and does not require extensive training. Practitioners can learn to use it in a fraction of a day, and then fully leverage their existing arsenal of tools and training. Other network-ready solutions are expensive, require considerable training to use, and force you to use the vendor's proprietary integrated analysis tool.
F-Response® term licenses are sold on an annual basis with no limitation on the number of installations or uses.
Forensically Sound & Secure: The examiner cannot alter metadata or files, or make any change to the machine under inspection, because all write operations are silently ignored by F-Response.
Supported Platforms: Provides network accessible, authenticated, RAW, read-only drive access to most computers.
Versatile: F-Response was designed to be completely vendor neutral. If your analysis software reads a hard drive, it will work with F-Response.
Highly Efficient: F-Response maintains a small active memory (RAM) footprint and will not bog down the user’s workstation or the entity’s network.
Scriptable: A language-neutral, fully scriptable JSON Web Service is available, allowing a technical user of F-Response to script actions typically initiated manually in the Management Console.
Affordable: Fixed yearly license sold in 1 and 3 year increments. No seat limits. No add-ons. No surprises.
F-Response TACTICAL Edition
The TACTICAL Edition of F-Response is our simplest and most direct version. F-Response TACTICAL uses two licensing and software dongles to facilitate the connection to the remote machine. Essentially, you connect the Examiner software dongle to your local machine and the Subject software dongle to your remote subject machine, then execute the appropriate software on both devices. Provided you are on the same network, they should be able to connect readily and provide access to the remote subject's disks, volumes, and memory.
What is F-Response?
F-Response is a forensic, e-discovery, and incident response connection and collection application. F-Response was designed to provide direct, read-only access to remote physical machines (disks, RAID, volumes, and memory) as well as remote cloud storage providers. In addition, F-Response provides a clean and simple optional imaging capability for collecting F-Response presented data from multiple sources.
How does F-Response work?
F-Response provides access to these remote data sources in a variety of ways. For devices, F-Response creates an AES 256-bit encrypted and compressed connection to the remote machine and presents the drives or volumes of that machine as local, read-only, physical devices on your examiner machine.
How is F-Response TACTICAL different?
F-Response TACTICAL is the simplest and least feature-rich version of F-Response. Simply put, TACTICAL excels at simple non-covert connectivity to immediately access servers and workstations. Unlike other versions of F-Response, TACTICAL is a dual dongle solution, meaning you will need to place a licensing dongle in both the examiner and subject machine.
F-Response Core Benefits
Full Live Read-Only Access, No File Level Locking
F-Response provides direct, live, read-only access to the remote target computer's disks, volumes, and in certain cases physical memory. Since all access is at the physical level, there is no file-level locking: F-Response gives you access to any and all content on the remote target, including protected system content (Registry files, Email PSTs, Database Files, etc.).
Windows, Linux, and OSX Examiner Support
F-Response includes optional installation packages complete with GUI tools and scriptable command line components for Linux and Apple OSX.
Optional included Imaging capability
F-Response includes high speed scriptable imaging capability (Physical images in Expert Witness "E01" format only).
F-Response Executable and Software
The F-Response subject software functions as a single executable ("exe") on the remote target computer that requires no drivers or installation components, as well as no reboot when deployed and started. F-Response is 100% Windows 10 tested.
Industry Standard and Regulation Compliant AES 256-bit Encryption
F-Response includes industry standard support for AES 256-bit Encryption for connections. F-Response encryption is seamless and native in all versions of F-Response.
F-Response Flexdisk Support
The Flexdisk(TM) (Patented) is a web-based disk access and representation tool. The Flexdisk uses standard web technologies (HTTPS/REST) to provide direct access to the remote target machine's logical and physical targets in both raw and logical format. The Flexdisk can be accessed and used from any modern web browser and also exposes a feature-rich and extensible application programming interface (API) accessible from any system capable of making and interpreting web queries and JSON.
F-Response Targets and Platform Support
F-Response works with all RAID disks, physical drives, logical volumes, and physical memory (32 & 64 bit Windows). In addition, F-Response TACTICAL includes target executables for Windows, Linux and Apple OSX. Furthermore, based on its unique vendor neutral patented design, F-Response works with all Computer Forensics, eDiscovery and Data Recovery software packages. Simply put, if your package reads from a hard drive, it will work with F-Response.
F-Response Minimum Hardware Requirements (Examiner Computer)
1 Gigahertz (GHz) processor or faster, 1 Gigabyte (GB) of RAM for 32-bit or 2 GB of RAM for 64-bit systems, at least 20 Gigabytes (GB) of Disk Space.
F-Response TACTICAL supports a limited set of remote target platforms including the following:
- Windows: includes Windows XP, 2003, Vista, 2008, 7, 8, 10, 2012, 2016, 32 and 64 bit. Physical memory is only supported on 32-bit and 64-bit Windows.
- Apple OSX 10.3+ (Note: SIP must be disabled in 10.13+)
- Linux: includes most Linux distributions built in the last 5 years
F-Response TACTICAL supports only the following set of remote cloud storage platforms:
- Amazon Simple Software Services (S3), Box.com for Consumers, Dropbox for Consumers, OneDrive for Consumers, Google Drive for Consumers, Google Mail for Consumers.