Download GROUP PRODUCT REVIEWS – Product Review Request

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
Document related concepts
no text concepts found
Transcript 
GROUP PRODUCT REVIEWS – Product Review Request
PRODUCT GROUP: Media Forensics
Collection arrangements for hardware products should be made no more than 30 days following
publication of the review. Products not collected after this period will be disposed of at the discretion of SC
Magazine Labs. Software will be disposed of automatically unless you have ticked the appropriate
box below. Collection arrangements are to be made by developers at their own expense.
X Software to be collected
Yes, We would like to get the Aladdin HASP key back please.
HBGary Responder Professional: $9000.00 per license. 20% per year for annual maintenance.
Support by email, message boards, and phone during normal business hours M-F.
GROUP PRODUCT REVIEW CATEGORY: Media Forensics
DETAILS –
*Product name: Responder Professional
*Company name: HBGary, Inc.
*Version: 1.4
*Tel: 916-459-4727
*Email: [email protected]
*Web: www.hbgary.com
*Basic price *US $9000.00 plus 20% maintenance per year.
*Support Offerings: M-F during business hours by email, phone, and message boards.
IMPORTANT INSTRUCTIONS: Please ensure that the product is sent to the US test lab unless
instructed otherwise and marked as shown below within seven days of this initial request. I would be
grateful for a reply by close of business tomorrow. It is important that we have the above information before
commissioning this review. Please note that you must also fill in Addendum A – the features form. This
form describes the minimum features required for products participating in this group product review. Finally,
please include a product photo in .jpg, .gif, .tif, .png or .eps format.
US TEST LAB SHIPPING ADDRESS
4474 Castlewood Drive
Auburn Hills, MI 48326
Attn: Mike Stephenson
Email: [email protected]
(248) 373 2813
Regards,
Dr. Peter Stephenson, CISSP, CISM, FICAF
Laboratory Director
OTHER SHIPPING ADDRESS
*APPENDIX A – FEATURES REQUIREMENTS
GROUP PRODUCT REVIEW CATEGORY: Media Forensics (Windows RAM)
GENERAL DESCRIPTION OF PRODUCTS THAT FIT IN THIS CATEGORY:
following subgroups:
 Computer Forensics
Tools in this category address the
 Small media/device forensics  Case Management
Please check the features below that your product includes.
MINIMUM SPECIFC FEATURES REQUIRED FOR INCLUSION IN THIS GROUP PRODUCT REVIEW (please
check all that apply to your product submission – we reserve the right to exclude products that do not
meet the minimum requirements):
Computer forensics:
YES Media acquisition and analysis of RAM
YES Must address, at minimum, the MS Windows Operating System RAM
Case Management:
YES Tools for managing evidence, case notes, etc.
Please provide a brief description on how your product meets the above criteria from a technical
perspective.
Responder Professional is the industry’s first live memory and runtime analysis software suite used to detect,
diagnose, and respond to today’s advanced computer threats Responder Professional comes with FDPro
which is used to forensically preserve live physical memory and Pagefile on running Windows computer systems.
FDPro supports all Windows OS’s from 2000 through 2008 all service packs both 32 and 64bit. RAM and Pagefile
images are imported into Responder Pro which virtually rebuilds the runtime state of the machine for information
security and forensic analysis purposes. These live analysis techniques are especially useful for computer
intrusions, advanced malware detection, finding passwords and encryption keys, and other memory resident only
type of artifacts. Responder has a friendly user interface to support investigator workflow. A flexible reporting
module allows quick delivery of information to attorneys, management or clients. Reports can be exported
out to CVS, PDF, RTF and other reporting standards.
These new live investigation capabilities allow information security analysts, forensic investigators and incident
responders to perform a more complete computer investigation.
Please provide the minimum system requirement for your product (Software Products Only)
Windows XP SP3 2GB RAM, As much processor as you can throw at it.
Please describe technical specifications for a typical installation environment
2 Pieces of Software:
1. Responder Professional: Analyst GUI application front end. Most often installed on Windows XP or Vista.
Responder uses lots of memory so you should put as much RAM into the machine as possible for more
performance.
2. FDPro is the memory acquisition utility and runs best from a USB 2.0 thumb drive. Users would launch it
from a command prompt or it can also be scripted. FDPro can acquire RAM and Pagefile on all Windows
2000 sp0-sp4, Windows XP sp0-sp3, 2003 Server, sp0, sp1, Vista sp0, sp1, 2008 Server.
Please list the vendor and/or types of devices supported.
Responder Professional can import RAM images from the software listed below:
VMware ESX server images. Vmsn files
VMware workstation memory snapshot files. Vmem files
DD memory images
MDD memory images
Winen from Guidance Software
Access Data FTK Imager
*APPENDIX B – SUPPORT OPTIONS
Support options can be difficult to extract from vendor web sites. In order to ensure that we have correct
information about your customer support options please provide the following:
X Basic no-cost support offered
Type and for what duration?
For the first year, there is email, phone, message board support at no
cost.
X 8x5
Fee-based options: _________________________________________________________________________
What is the fee? $_____________
Do you offer different levels of support? X No
What are the levels? _________________________________________________________________
X Phone support? yes
X Email Support? Yes
Does your website have a support feature? X Yes, we do.
Is it a knowledgebase? Yes
Is it a FAQ list? Yes we have a FAQ list and also the message boards are growing.
Our General Test Procedures are attached. Please note that by returning this form you acknowledge that
you have read and accept those procedures.
ALL OF THIS INFORMATION MUST BE PROVIDED
NAME OF PERSON COMPLETING THIS FORM:
TITLE OF PERSON COMPLETING THIS FORM:
EMAIL FOR PERSON COMPLETING THIS FORM:
Rich Cummings
CTO
[email protected]
PHONE FOR PERSON COMPLETING THIS FORM: 703-999-5012
NAME OF PR CONTACT:
PHONE AND EMAIL OF PR CONTACT:
Karen Burke
650-814-3764 – [email protected]
NAME OF TECHNICAL CONTACT:
Rich Cummings
PHONE AND EMAIL OF TECH. CONTACT:
703-999-5012 [email protected]
Generic Test Criteria for Product Group Tests
SC Magazine Labs
These are the criteria appearing in our generic (baseline) test matrix. Under each category there is a list of generic
criteria that the tester evaluates as appropriate.
Finally, each product group has individual tests designed specifically for the group and each group has a unique test bed
configuration designed to facilitate testing of the product types within the group.
The criteria for each major category are listed below as they appear in our generic test matrix.
EASE-OF-USE



















Management interface intuitiveness
Task efficient
Learning curve
Integratable with other products
Easy to work with
Ease of fixing problems
Defined set up procedure
Intuitive installation of
Errors encountered
User friendly
Automation/scripting
Installation verification
Stable installation
Bundled hardware and software
Installation log file
Intuitive user interface
User tutorials or wizards
Predefined reports
Graphical reports
FEATURES







Expected features?
Missing features?
Standout features?
Features of little use?
Function of advertised features?
Integrated database
Scripting language
PERFORMANCE
(Criteria in this category are graded as "strong" or "weak")




Typical condition performance
Performance under attack
Command response
Event information
DOCUMENTATION






Understandable documentation
Effective documentation
Online manuals
Installation documentation
User oriented manuals
Supplemental documentation
SUPPORT



Telephone support?
Web-based downloads?
Online forum?
VALUE FOR MONEY






Purchase for your own company?
Appropriately priced?
Extra fees?
Updates included?
Life cycle costs?
In the context in which the product is used, is it priced appropriately given its overall cost of ownership and its
scores in other categories?
OVERALL RATING
The rating from each of the scores awarded by the reviewer in the individual categories is averaged to achieve the
Overall Rating.
Related documents
Mastering Windows Network Forensics and Investigation
Mastering Windows Network Forensics and Investigation
FORENSICS Computer Forensics
FORENSICS Computer Forensics
Data Foresensics
Data Foresensics
Lesson Plan Software
Lesson Plan Software
Form Offer Letter
Form Offer Letter
Introductory PowerPoint
Introductory PowerPoint
Electrical Safety
Electrical Safety
Purpose of Ultimatum Game Experiments
Purpose of Ultimatum Game Experiments
Windows Forensics - University of Washington
Windows Forensics - University of Washington
Introduction to Forensics
Introduction to Forensics
Operating systems
Operating systems
No Slide Title
No Slide Title
Lesson 4; The Human Body
Lesson 4; The Human Body
Enhancing Interpretation of Patient-reported
Enhancing Interpretation of Patient-reported
First Responder of the Future White Paper
First Responder of the Future White Paper