Responder Field Edition

Responder Field Edition was designed to provide law enforcement and computer intrusion investigators with the most powerful Live Windows Memory preservation and analysis capabilities.

Preservation of Live Windows Memory (RAM)

HBGary provides the fastdump software utility as a free download to enable investigators and security analysts to easily "freeze the live memory" on workstations and servers. Fastdump is software that creates a block by block dump of physical memory on live Windows Operating systems.

Memory Analytics & Parsing

Responder FE provides the most thorough and comprehensive memory analysis capability in the industry. Responder performs all physical to virtual address mappings, recreates the object manager, exposes all objects, and enables investigators to perform a complete and comprehensive computer investigaiton.

Automated Malware Analysis and Reporting

Responder FE provides the ability to automatically analyze suspicous binaries found during the physical memory analytics. These suspicious files are extracted out of the physical memory file, disassembled, and then the Malware Analysis Plug-in will scan the functions, sub-routines, strings, and symbols to identify and report on suspicious capbilities and behaviors.