Comments on Computer Forensics, Malware Analysis & Digital Investigations: EnCase + F-Response + EnScript = very affordable n...

Anonymous, thank you, I fixed the initial link tha...

2010-03-18T08:57:05.630-07:00

Anonymous, thank you, I fixed the initial link that was broken.

F-response is not correctly linked to the site.

2010-03-18T08:44:53.842-07:00

F-response is not correctly linked to the site.

Thanks for the feedback, Lance. I'm familiar...

2010-03-17T09:37:51.712-07:00

Thanks for the feedback, Lance.

I'm familiar with the FIM and have a copy. I was wondering what other capabilities I may be missing compared to the EnCase Forensics & F-Response combo you described. Now I know...

Best regards, Phil

Phil, EnCase FIM is the EnCase you already know wi...

2010-03-17T05:11:46.029-07:00

Phil, EnCase FIM is the EnCase you already know with network capabilities.

The only Additional feature you get from FIM or EnCase Enterprise is snapshot ability, which gives you running processes, etc which is very helpful when doing incident response.

But then on the other hand F-Response handles network connection to Windows, Linux, Apple, Solaris, AIX, SCO, HPUX, and Freebsd. FIM does not support all those platforms.

Everything else that you could do or want to do with FIM, can be done with EnCase forensic.

If you are not familiar with EnCase FIM, it looks, tastes, smells and acts just like the EnCase Forensic version you use now, just with the ability to reach out and connect to a remote machine. The analysis part ids the same in EnCase Forensic and FIM.

Thanks for the feedback, Lance. My question wasn...

2010-03-16T17:50:42.604-07:00

Thanks for the feedback, Lance.

My question wasn't well articulated. What I was trying to ask was whether the combination of EnCase Forensic and F-Response had more to offer that EnCase FIM. From what you're saying, I gather that one of the differences would be in the FIM's limitation over concurrent connections.

Phil, I assume you own at least EnCase Forensic ed...

2010-03-13T02:30:45.637-08:00

Phil, I assume you own at least EnCase Forensic edition, if so then you only need to buy F-Response Enterprise. If you already own a lessor version, then you only need to upgrade that. The $8,000 was if you own nothing.

F-Repsonse does not offer any features like FIM, its not a forensic analysis tool, its a network connection tool. The analysis and features are coming from EnCase, so whatever you have in your EnCase Forensic version as far as modules, or EnScripts, you can use them like usual.

FIM has limitations on concurrent connections, And you will pay more for more connections with FIM, F-Response does not.

I am not preaching that F-Response is a better solution to FIM or EnCase Enterprise. I am just sharing an alternative affordable solution. We all have our favorites and each tool has it's own strength and weaknesses. As I mentioned, I love EnCase Enterprise and FIM, but I cant afford that or the licensing (only installed on one machine), whereas this solution can be installed on any machine. The post above is meant to describe just another alternative solution.

Lance, if it costs around $9K, wouldn't one be...

2010-03-12T17:32:13.880-08:00

Lance, if it costs around $9K, wouldn't one be better off with EnCase FIM instead? I know it's advertised a lot higher, but they discount it from time to time. And FIM comes with the EnCase Consultants edition which includes all the plug-ins. Does F-Response offer any additional features not found in the FIM?

Raffael Vargas Great Lance ....

2010-03-11T18:36:53.565-08:00

Raffael Vargas
Great Lance ....

Very cool, Lance, thanks. I'm curious though -...

2010-03-11T10:08:14.630-08:00

Very cool, Lance, thanks.
I'm curious though - does this contravene the EnCase Forensic EULA?