Responder Field Edition


Responder Field Edition was designed to provide law enforcement and computer intrusion investigators with the most powerful Live Windows Memory preservation and analysis capabilities.

Memory Analytics & Parsing

Responder FE provides the most thorough and comprehensive memory analysis capability in the industry. Responder performs all physical-to-virtual address mappings, recreates the object manager, and exposes all objects, enabling investigators to perform a complete and comprehensive computer investigation.

Automated Malware Analysis and Reporting

Responder FE can automatically analyze suspicious binaries found during physical memory analysis. These suspicious files are extracted from the physical memory file and disassembled; the Malware Analysis Plug-in then scans the functions, subroutines, strings, and symbols to identify and report on suspicious capabilities and behaviors.

Responder FE Memory Analytics provide the following:

  • Running processes
  • Open files
  • Passwords in clear text
  • Unencrypted data
  • Instant messages
  • Installed network devices
  • Keyboard monitors
  • Rootkits & Trojans
  • Network socket information
  • Registry info

Preservation of Live Windows Memory (RAM)

The HBGary Fastdump software utility is a free download that enables investigators and security analysts to easily "freeze the live memory" on workstations and servers. HBGary Fastdump creates a block-by-block dump of physical memory on live Windows operating systems.
