Responder Field Edition
May 01, 2009
£950, including one-year maintenance and shipping
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: Powerful product with many uses, at a decent price
- Weaknesses: Documentation is weak
- Verdict: While lacking in documentation, once you start to understand how to use it, it is much better than analysing the memory by hand
HBGary's Responder Field Edition is advertised for memory preservation as well as analysis of items in the memory. This product is valuable for both incident response and forensics on obstinate malware, with several features particularly useful for each.
After a five-minute install, the product is ready to analyse, with a straightforward and to-the-point interface. While the Field Edition of Responder does not include FDPro, which captures memory, the additional licence is c£67 and the advantages may justify the cost. Not only does FDPro have a small memory footprint, it also has a proprietary "hpak" output format that captures the Windows Pagefile along with a memory image, allowing a deeper investigation into a system.
If FDPro is not at hand, Responder Field Edition can also import a multitude of other files - including raw image files and VMware memory snapshots.
Loading and analysing 2GB of RAM in the application took less than 15 minutes, after which a tree hierarchy was presented. The product analyses the memory as well as any malware in the memory, if it exists, and it does this job splendidly. While individual items can take minutes to analyse, the tool lets you view extra information, such as what files, registry keys and network sockets an item may have opened, as well as strings in the product.
Other features include tasks such as displaying the browsing history, documents and passwords that can be deciphered from the memory. There is also reporting functionality, providing detailed investigation reports.
The physical documentation is minimal, just enough to install the product. The bundled documentation is useful if you know exactly what you are looking for. However, there are no general tutorials explaining how to accomplish the more daunting tasks.
One year of support service is provided. Support by email, telephone, message boards and a ticket system on the website is included when purchasing Responder Professional, with a fee of 20 per cent of the cost annually to continue the service.
At a cost of £950, Responder Field Edition did everything it advertised, showing itself to be a versatile forensics tool that amply justifies the cost.