F-Response Collect for a Work From Home (WFH) World
Jul 24, 2024
I've been working in Computer Forensics, Incident Response, and E-Discovery for a lot of years. For those playing along at home, I started this business when Windows XP and Server 2003 were the order of the day. As such, I've seen a lot of things happen during the follow-on years.
Photo by Alexandru-Bogdan Ghita on UnsplashI've watched servers become virtual, the rise of Linux, and the birth of computing on demand.
When F-Response first debuted, the idea of having users connected via VPN was commonplace, but still somewhat restricted to those whose jobs necessitated travel.
Now a whole lot of us Work From Home (WFH), me and the rest of the F-Response team included. We have always been fans of remote work and VPN connectivity, but really didn't see things take off until the pandemic.
2020 was a banner year for remote working, vpns, and vpnless cloud service working environments.
It was also the same year we built F-Response Collect.
Of course, this should come as no surprise. Traditional F-Response offerings, while still completely usable and valid in a large number of situations, really don't effectively address the WFH model. F-Response "Classic" (Enterprise, Consultant + Covert, Consultant, Tactical) all depend on being able to make a direct connection to the subject machine. This means they are fast, very fast, but that speed comes at a price.
Classic F-Response needs a direct connection. It's going to work great in your local or wide area network. It's also going to work very well with VPN connected machines, but it's just not the right solution for systems you can't "reach" through the network.
That's where F-Response Collect comes in.
Collect runs as a server that subjects and examiners communicate with. It takes tasking from the examiner machine in the form of collection operations (image disks, memory, volumes, files, folders, MFT, etc.), then passes those tasks on to the subject machine you want to get a collection from.
It does this without requiring a direct connection to the subject. This means Work From Home just works with F-Response Collect. As long as those home user laptops and desktops can reach your F-Response Collect server, they can get their tasking and push data.
Also, because of its design, dropping a connection means F-Response Collect will just pick back up when connectivity is re-established.
I know it's a lot to take in: full device imaging, for WFH users, with automatic resuming, all at a very low price point and from the team that has been doing remote forensics since Windows XP ruled the world?
We promise, it's real. We do demos daily and would be happy to set up an evaluation in your environment.
The world has changed and keeps doing so with each passing day. Having a solution for far-flung collection is quickly becoming a requirement and not a nice-to-have.
So, if this is you, or the pain you are feeling, let us know. We'd love to help you solve it.
Matt