Fastdump PRO

HBGary releases free tool FGET

HBGary is pleased to announce another free tool for Incident-Responders and Forensic practitioners in the field. FGet (Forensic Get) will allow you acquire timeline information from machines in a Windows network. FGet simplifies the process of acquiring forensically sound copies of key data on the hard drive, including the prefetch directory, system32\config directory, and all user's NTUSER.DAT files.Click here for download page.

FGET v1.0 Goes Live!!

FGet is HBGary's latest free tool release. FGet reduces the cost of incident response engagements and significantly shortens the time required to reconstruct timelines across multiple machines on compromised Windows networks. Shawn discusses the release of FGET here

Honeynet Project Memory Forensics Challenge

In this post we look at how Responder Pro and DDNA allow an analyst to provide quick answers to the memory forensics challenged sponsored by the Honeynet Project.

HBGary and Skout Forensics Announce OEM Agreement

Sacramento, CA and McLean, VA, August 4, 2010, Today HBGary, Inc., (http://www.hbgary.com), a leading provider of next-generation threat intelligence solutions for government agencies and Fortune 500 organizations and Skout Forensics, a pioneering developer of streamlined digital forensic solutions, announced that they have signed an OEM agreement. Read more.

Upcoming Events

HBGary at GFIRST6

The Department of Homeland Security recognized the growing popularity of its annual GFIRST Conference. This year, attendees will have the opportunity to meet with vendors at the GFIRST6 Vendor Expo. GFIRST is August 15-20, 2010 at the JW Marriott San Antonio Hill Country in San Antonio, TX.

FST US Summit 2010

The FST Summit is a two-and-a-half-day event bringing together C-level technology executives from the financial services industry. In its sixth year, the unique and professional forum has been used as a rewarding discussion and learning platform by hundreds of the industry's leading CIOs and CTOs. Learn more.

FastDump - a Memory Acquisition Tool

Fastdump is the industry’s most forensically sound Windows™ memory dumping utility. Fastdump has a memory footprint that is far less than other tools such as Helix/DD. All required code is statically linked so no additional DLL’s are loaded. The final executable size is only 80K.

Fastdump is very simple to use. Use a USB stick or other means to make Fastdump available to a command prompt on the target windows system. Type “fd.exe ” where filename is the dump file and Fastdump will take a snapshot of physical RAM. This file will be a binary dump of RAM. The size of the resulting file will depend on the amount of RAM present in the target machine. Fastdump is optimized to work with USB transfers so it should perform well even when dumping to a USB drive.

FDPro™ is the commerically supported version of Fastdump. FDPro™ supports all versions of Windows™ operating systems and service packs (2000, XP, 2003, Vista, 2008 Server) 32 and 64 bit, including systems with more than 4 gigs of RAM (up to 64 gigs of RAM). FDPro™ supports acquisition of the Windows™ pagefile to be included with the acquisition of RAM. FDPro™ supports a variety of memory probing features that can assist with malware analysis. FDPro™ is packaged with the HBGary Responder product at no additional cost, or can be purchased separately. Visit the store to download or purchase

FastDump Pro FAQ

FastDump Community Edition

The community edition of Fastdump supports only 32 bit acquisition up to 4 gigs of RAM and does not support Vista, Windows 2003, or Windows 2008. The community edition can be downloaded free of charge.

Recent News