Forums
Main Category
General (Technical,...
F-Response
 
Notifications
Clear all

F-Response

 
Page 3 / 4
General (Technical, Procedural, Software, Hardware etc.)
Last Post by fresponse_s 16 years ago
31 Posts
16 Users
0 Reactions
3,443 Views
RSS
 fresponse_s
(@fresponse_s)
Trusted Member
Joined: 17 years ago
Posts: 70
10/07/2008 9:28 pm  

Great question.

F-Response works with the remote drives at the physical level, you should have no problems accessing the live Exchange Server data.

With that being said we are working up a video to demonstrate this process with a couple of EDB file analysis and collection tools.

M Shannon
F-Response


   
ReplyQuote
 fresponse_s
(@fresponse_s)
Trusted Member
Joined: 17 years ago
Posts: 70
11/07/2008 1:55 am  

As promised, one video showing F-Response and a Live Microsoft Exchange 2003 Email Server.

http//blip.tv/file/1068126

Warmest Regards,

M. Shannon


   
ReplyQuote
 LarryDaniel
(@larrydaniel)
Reputable Member
Joined: 17 years ago
Posts: 229
11/07/2008 2:15 am  

Excellent video. Of course until I see and play wit ha real acquisition, I will not be 100% comfortable.

I guess I will be buying the demo so I can do some live testing of my own.

Thanks again.


   
ReplyQuote
 fresponse_s
(@fresponse_s)
Trusted Member
Joined: 17 years ago
Posts: 70
11/07/2008 2:18 am  

By all means, we wouldn't have it any other way. Get a trial, test it out, we look forward to hearing your feedback.

Warmest Regards,

M. Shannon


   
ReplyQuote
 codemaker555
(@codemaker555)
New Member
Joined: 16 years ago
Posts: 1
22/01/2010 8:34 pm  

Can ub tell from wher i can download it……..demo atlest


   
ReplyQuote
 Jonathan
(@jonathan)
Prominent Member
Joined: 20 years ago
Posts: 878
22/01/2010 9:27 pm  

Can ub tell from wher i can download it……..demo atlest

Here http//tinyurl.com/y9qcta7


   
ReplyQuote
 douglasbrush
(@douglasbrush)
Prominent Member
Joined: 16 years ago
Posts: 812
23/01/2010 4:33 am  

Jonathan you are cracking me up with the Google demonstrations. However I cant seem to get to Google -can you come to my office and type it in my browser?


   
ReplyQuote
 reverse
(@reverse)
Active Member
Joined: 16 years ago
Posts: 10
27/01/2010 4:20 am  

As promised, one video showing F-Response and a Live Microsoft Exchange 2003 Email Server.

http//blip.tv/file/1068126

Warmest Regards,

M. Shannon

I know this is dated, but does anyone have any updates as to how they fared using F-Response for the live collection of Exchange Databases? I can see how this would work for live analysis, however for the collection of databases I am curious how this may work since the databases and log files could change during acquisition.


   
ReplyQuote
 douglasbrush
(@douglasbrush)
Prominent Member
Joined: 16 years ago
Posts: 812
27/01/2010 6:22 am  

I know this is dated, but does anyone have any updates as to how they fared using F-Response for the live collection of Exchange Databases? I can see how this would work for live analysis, however for the collection of databases I am curious how this may work since the databases and log files could change during acquisition.

I believe Mr. Shannon is at the DoD conference this week and could provide a bit of a better detail in response to the product.

However….
Using the Volume Shadow Copy VSS you could make a volume that is "frozen" and can be hashed because F-Response will mount VSS volumes.

Or in your imaging tool of choice do a directory list hash list prior and after the acquisition so you can document changes.

Post a few months ago discussing EDB extraction with F-Response
http//www.forensicfocus.com/index.php?name=Forums&file=viewtopic&p=6534100


   
ReplyQuote
 fresponse_s
(@fresponse_s)
Trusted Member
Joined: 17 years ago
Posts: 70
27/01/2010 7:30 am  

Doug has it right, that's a perfectly fine way to do it.

Thanks Doug!


   
ReplyQuote
Page 3 / 4
Forum Jump:
  Previous Topic
Next Topic  
Share: