Survey
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
GROUP PRODUCT REVIEWS – Product Review Request PRODUCT GROUP: Media Forensics Collection arrangements for hardware products should be made no more than 30 days following publication of the review. Products not collected after this period will be disposed of at the discretion of SC Magazine Labs. Software will be disposed of automatically unless you have ticked the appropriate box below. Collection arrangements are to be made by developers at their own expense. X Software to be collected Yes, We would like to get the Aladdin HASP key back please. HBGary Responder Professional: $9000.00 per license. 20% per year for annual maintenance. Support by email, message boards, and phone during normal business hours M-F. GROUP PRODUCT REVIEW CATEGORY: Media Forensics DETAILS – *Product name: Responder Professional *Company name: HBGary, Inc. *Version: 1.4 *Tel: 916-459-4727 *Email: [email protected] *Web: www.hbgary.com *Basic price *US $9000.00 plus 20% maintenance per year. *Support Offerings: M-F during business hours by email, phone, and message boards. IMPORTANT INSTRUCTIONS: Please ensure that the product is sent to the US test lab unless instructed otherwise and marked as shown below within seven days of this initial request. I would be grateful for a reply by close of business tomorrow. It is important that we have the above information before commissioning this review. Please note that you must also fill in Addendum A – the features form. This form describes the minimum features required for products participating in this group product review. Finally, please include a product photo in .jpg, .gif, .tif, .png or .eps format. US TEST LAB SHIPPING ADDRESS 4474 Castlewood Drive Auburn Hills, MI 48326 Attn: Mike Stephenson Email: [email protected] (248) 373 2813 Regards, Dr. Peter Stephenson, CISSP, CISM, FICAF Laboratory Director OTHER SHIPPING ADDRESS *APPENDIX A – FEATURES REQUIREMENTS GROUP PRODUCT REVIEW CATEGORY: Media Forensics (Windows RAM) GENERAL DESCRIPTION OF PRODUCTS THAT FIT IN THIS CATEGORY: following subgroups: Computer Forensics Tools in this category address the Small media/device forensics Case Management Please check the features below that your product includes. MINIMUM SPECIFC FEATURES REQUIRED FOR INCLUSION IN THIS GROUP PRODUCT REVIEW (please check all that apply to your product submission – we reserve the right to exclude products that do not meet the minimum requirements): Computer forensics: YES Media acquisition and analysis of RAM YES Must address, at minimum, the MS Windows Operating System RAM Case Management: YES Tools for managing evidence, case notes, etc. Please provide a brief description on how your product meets the above criteria from a technical perspective. Responder Professional is the industry’s first live memory and runtime analysis software suite used to detect, diagnose, and respond to today’s advanced computer threats Responder Professional comes with FDPro which is used to forensically preserve live physical memory and Pagefile on running Windows computer systems. FDPro supports all Windows OS’s from 2000 through 2008 all service packs both 32 and 64bit. RAM and Pagefile images are imported into Responder Pro which virtually rebuilds the runtime state of the machine for information security and forensic analysis purposes. These live analysis techniques are especially useful for computer intrusions, advanced malware detection, finding passwords and encryption keys, and other memory resident only type of artifacts. Responder has a friendly user interface to support investigator workflow. A flexible reporting module allows quick delivery of information to attorneys, management or clients. Reports can be exported out to CVS, PDF, RTF and other reporting standards. These new live investigation capabilities allow information security analysts, forensic investigators and incident responders to perform a more complete computer investigation. Please provide the minimum system requirement for your product (Software Products Only) Windows XP SP3 2GB RAM, As much processor as you can throw at it. Please describe technical specifications for a typical installation environment 2 Pieces of Software: 1. Responder Professional: Analyst GUI application front end. Most often installed on Windows XP or Vista. Responder uses lots of memory so you should put as much RAM into the machine as possible for more performance. 2. FDPro is the memory acquisition utility and runs best from a USB 2.0 thumb drive. Users would launch it from a command prompt or it can also be scripted. FDPro can acquire RAM and Pagefile on all Windows 2000 sp0-sp4, Windows XP sp0-sp3, 2003 Server, sp0, sp1, Vista sp0, sp1, 2008 Server. Please list the vendor and/or types of devices supported. Responder Professional can import RAM images from the software listed below: VMware ESX server images. Vmsn files VMware workstation memory snapshot files. Vmem files DD memory images MDD memory images Winen from Guidance Software Access Data FTK Imager *APPENDIX B – SUPPORT OPTIONS Support options can be difficult to extract from vendor web sites. In order to ensure that we have correct information about your customer support options please provide the following: X Basic no-cost support offered Type and for what duration? For the first year, there is email, phone, message board support at no cost. X 8x5 Fee-based options: _________________________________________________________________________ What is the fee? $_____________ Do you offer different levels of support? X No What are the levels? _________________________________________________________________ X Phone support? yes X Email Support? Yes Does your website have a support feature? X Yes, we do. Is it a knowledgebase? Yes Is it a FAQ list? Yes we have a FAQ list and also the message boards are growing. Our General Test Procedures are attached. Please note that by returning this form you acknowledge that you have read and accept those procedures. ALL OF THIS INFORMATION MUST BE PROVIDED NAME OF PERSON COMPLETING THIS FORM: TITLE OF PERSON COMPLETING THIS FORM: EMAIL FOR PERSON COMPLETING THIS FORM: Rich Cummings CTO [email protected] PHONE FOR PERSON COMPLETING THIS FORM: 703-999-5012 NAME OF PR CONTACT: PHONE AND EMAIL OF PR CONTACT: Karen Burke 650-814-3764 – [email protected] NAME OF TECHNICAL CONTACT: Rich Cummings PHONE AND EMAIL OF TECH. CONTACT: 703-999-5012 [email protected] Generic Test Criteria for Product Group Tests SC Magazine Labs These are the criteria appearing in our generic (baseline) test matrix. Under each category there is a list of generic criteria that the tester evaluates as appropriate. Finally, each product group has individual tests designed specifically for the group and each group has a unique test bed configuration designed to facilitate testing of the product types within the group. The criteria for each major category are listed below as they appear in our generic test matrix. EASE-OF-USE Management interface intuitiveness Task efficient Learning curve Integratable with other products Easy to work with Ease of fixing problems Defined set up procedure Intuitive installation of Errors encountered User friendly Automation/scripting Installation verification Stable installation Bundled hardware and software Installation log file Intuitive user interface User tutorials or wizards Predefined reports Graphical reports FEATURES Expected features? Missing features? Standout features? Features of little use? Function of advertised features? Integrated database Scripting language PERFORMANCE (Criteria in this category are graded as "strong" or "weak") Typical condition performance Performance under attack Command response Event information DOCUMENTATION Understandable documentation Effective documentation Online manuals Installation documentation User oriented manuals Supplemental documentation SUPPORT Telephone support? Web-based downloads? Online forum? VALUE FOR MONEY Purchase for your own company? Appropriately priced? Extra fees? Updates included? Life cycle costs? In the context in which the product is used, is it priced appropriately given its overall cost of ownership and its scores in other categories? OVERALL RATING The rating from each of the scores awarded by the reviewer in the individual categories is averaged to achieve the Overall Rating.