License Lookup Chat Offline - Leave Message

Which F-Response is right for you?

Jan 14, 2025

It has come to my attention that it might not be easy to figure out which F-Response is the right F-Response for you. In the spirit of the new year, I think it's high time we addressed that with an updated post.

Photo by Serge Kutuzov on Unsplash

But first a quick recap...

Just in case you missed the prior post, let's get on the same page with what F-Response is and what it does. First and foremost, F-Response is a forensic access and collection tool. F-Response excels at getting you access to remote data sources, including drives, volumes, memory, as well as the more modern offerings such as cloud files, servers, and network storage. Simply put, F-Response is a tool for E-Discovery and Cyber Forensics professionals designed to solve the last mile, to get you access to often difficult to reach sources of evidentiary data and help you collect them.

Now, I would be remiss if I didn't also stress what F-Response is not. F-Response is not an analysis platform. You aren't going to use F-Response products to carve unallocated space, to look for indicators of compromise, or to sweep your network. F-Response is a software solution designed to make other tools better. F-Response gets you access to the data and/or helps you collect it, but you will still need something to process that data.

F-Response is all about the freedom to choose the right tool for the task, with F-Response standing by to extend that tool's reach.

So, that's great. You were talking about versions though...

Right, I was. Over the preceding seventeen years, we've developed a number of different versions of F-Response, so many that sometimes potential customers get confused on which one makes sense. It happens. We try to put out a product matrix, but even that can leave more questions. So, it's in that spirit that I'll try to cut right to the chase today.

It all comes down to what you are trying to access/collect and where it resides.

If your primary needs are disks and volumes that reside on systems you have physical access to, then you're going to want to look at things like F-Response TACTICAL or F-Response Consultant. These aren't covert solutions. They tend to be the favorite version of F-Response for our law enforcement customers. They require the least amount of networking experience and get you directly to the data in question quickly.

Now, if you have similar needs for disks, volumes, and memory, but the assets you need to target are more remote (LAN/WAN), then you should be looking at Consultant + Covert or Enterprise. Both solutions offer the same features as the prior options, but are much more capable for larger distance deployment and collections.

All the afore mentioned F-Response offerings form what we call "Classic" F-Response and meet the needs of most of our customers. However, we offer two additional products for specific use cases.

F-Response Universal feels a lot like Enterprise, but it has a vastly different networking model which makes it a great fit for more centrally organized investigations teams or in highly locked down environments.

F-Response Collect is all about making device collections over unstable networks and extreme distances. It was built during the global pandemic and is designed for the Work-From-Home world. It excels at collecting images where you're off the VPN and network stability is not always available.

Hmm, I still don't know, can I talk to someone?

Sure! We're happy to talk to you about your unique challenge or situation. Also, F-Response is not a high pressure sales process. You set up a call, we talk, and if we can help you then we'll do a demo and perhaps a trial. If not, we'll point you in the direction we think might be best. We're not here to make a quick sale, we're here to solve a problem, meet a need, and make your remote cyber forensics challenges just a little bit easier.

Thanks!

Matt