SANS Digital Forensics and Incident Response Blog

F-Response Enterprise now in FOR508: Advanced #DFIR

Starting in August 2014, F-Response Enterprise is part of the SANS 508 training course, and students will receive it while attending the course.

FOR508 has been updated with cutting-edge enterprise incident response capabilities. Starting with the Virginia Beach course, attendees will receive a 3-month F-Response Enterprise license as part of the course materials. In addition, registering that license with F-Response immediately after the course will allow students to continue using it for an additional 3 months, added on to the dongle.

Starting this August in upcoming FOR508 courses, each student will receive:

SIFT Workstation 3

  • Virtual machine used with many of the class hands-on exercises
  • This course uses the SIFT Workstation 3 to teach incident responders and forensic analysts how to respond to and investigate sophisticated attacks.
  • SIFT contains hundreds of free and open source tools, easily matching any modern forensic and incident response commercial tool suite.
  • Ubuntu LTS Base
  • 64-bit base system
  • Better memory utilization
  • Auto-DFIR package update and customizations
  • Latest forensic tools and techniques
  • VMware Appliance ready to tackle forensics
  • Cross compatibility between Linux and Windows
  • Expanded Filesystem Support (NTFS, HFS, EXFAT, and more)

F-Response Enterprise

  • F-Response software provides read-only access to the full physical disk(s) of virtually any networked computer, plus the physical memory (RAM) of Microsoft Windows systems.
  • Deployable agent to remote systems
  • SIFT Workstation 3 Compatible
  • Vendor neutral: works with just about any tool
  • Number of Simultaneous Examiners = Unlimited
  • Number of Simultaneous Agents Deployed = Unlimited
  • Gives any IR or forensic tool the capability to be used across the enterprise
  • Perfect for intrusion investigations and data breach incident response situations
  • License Period = 3 months
  • Note: If you register the F-Response Enterprise dongle you receive in class with F-Response, an extended license for an additional 3 months will be provided, for a total of 6 months of licensed use.

64 GB Course USB

  • USB loaded with APT case images, memory captures, SIFT Workstation 3, tools, and documentation

SANS DFIR APT Case Exercise Workbook

  • Exercise book is over 250 pages long, with detailed step-by-step instructions and examples to help you become a master incident responder

"File System Forensic Analysis"

  • Best-selling book on deep file system analysis authored by Brian Carrier