Friday, April 18, 2008

I'm excited

For the first time in quite a while I'm pretty excited. Just last week Matt Shannon released F-Response. F-Response looks like it may shape up to be the best tool in my arsenal, not because it makes analysis easier but because it facilitates analysis where it wasn't possible before, and it does so in such a brilliant way that I'm just amazed. It also gives responders or examiners the opportunity to use the bulk of their toolkit safely and without the immense impact that many of our tools have on systems. When I've taught classes I specifically instruct people NOT to run AV, backups, and the other things that people like to execute to "investigate". This tool re-opens that door and can allow a first responder to actually respond to the incident, analyze with their typical toolset, and escalate when needed.

I'll be writing quite a bit about this tool and what can be done with it because I am just that excited about it.

6 comments:

Bernard Lim said...

I'm curious.

Does F-response work like Logicube's Phantom?

hogfly said...

Bernard,
Nope, it's very different from the Phantom and Talon. It's software for starters, and it's network based.

Anonymous said...

The more awesome it is, the more disappointed I'm going to be that they are trying to get a patent on it, preventing similar open source software.

hogfly said...

Anonymous,
There's nothing wrong with patenting a novel idea and the methodology is there?

My hope is that they don't get swallowed by another company...like Guidance or AccessData.

Anonymous said...

No, I'm not blaming them for it at all. I can understand why they did it, I just wish there could be an open source version as well...

Keydet89 said...

...the more disappointed I'm going to be that they are trying to get a patent on it, preventing similar open source software.

I'm not sure I follow...how is getting a patent preventing someone from coming up with their own novel, albeit open-source, solution?