F-Response 8.6.1.4 - Apple and Linux for F-Response Collect

Jun 08, 2023

We're happy to announce the latest update to F-Response.

Always remember you can click here to jump straight to the downloads page and get the latest, or read on for more details.
First and foremost, we hope this message finds you well.

This month's release includes big updates for F-Response Collect.

We've been hard at work for quite a while, but we're happy to report that F-Response Collect new includes subject support for Linux (x86_64) and Apple OSX (x86_64 and ARM). We know you've been looking for a way to handle collecting user data from remote Apple machines and we're super excited to finally be able to offer that as part of F-Response Collect.

Starting in 8.6.1.4, F-Response Collect now includes an Apple (x86_64 and ARM) subject for collecting profile(home directories) and custom collection targets from remote Mac systems. To round out that platform support, we've also added a Linux (x86_64) subject for collecting device, profile(home directory) and custom collection targets from remote Linux servers. For Windows, we've added Master File Table (MFT) collection for F-Response Collect Windows subjects (on supported NTFS volumes). MFT targets are a great way to get a solid view of the filesystem before performing a full disk image (or custom collection).

We highly recommend using either your favorite forensic tool, or Eric Zimmerman's MFT Explorer to analyze those collected MFTs.

For more specific information, be sure to check out the manuals on the mission guides and documentation page, as well as the following Missions Guides:

Using F-Response Collect on Linux
Using F-Response Collect on Apple OSX

Thanks for reading. Don't forget, if you are interested in seeing F-Response Collect in action and digging into the gritty details, don't hesitate to contact us to arrange a GoToMeeting demo and evaluation.

Warmest Regards,

M Shannon