What is F-Response Collect?
F-Response Collect is a server-based product designed to facilitate the creation of images of remote Windows devices, memory, user profiles, and custom file collections from virtually anywhere.
Collect was built and designed during the pandemic for "trustless" and "vpnless" organizations struggling with the last mile, i.e. collecting data from Windows computers that never connect directly to their main network.
Collect is a fully scriptable and automated image collection system built and designed to provide robust, rapid, and automatically resuming forensic collection.
Still not sure? You'll find a video of F-Response Collect in action below.
See F-Response Collect In Action
How does F-Response Collect work?
Collect is a server-based solution. It provides a central, secure repository that remote subject computers connect to on a periodic interval to determine if a forensic collection is necessary. Should the examiner or admin request such a collection, and configure the necessary target(s), (Targets may be disks, volumes, profiles, memory, or custom file collections) the subject will begin compressing, encrypting, and uploading the contents to the server.
What are the advantages of F-Response Collect?
Collect represents a considerable shift in the core F-Response model. Unlike other offerings in the F-Response product suite, Collect does not provide direct access to the remote subject, instead it uses a disconnected tasking model. Collect Subjects were designed from the ground up for loss of connectivity. This means they will resume automatically in the event of a network drop, reboot, or loss of operation event. For a complete summary of the F-Response product suite see the Product Matrix.
Who would use F-Response Collect?
For E-Discovery Professionals
F-Response Collect was designed to give litigation teams extended geographic and technical reach to collect from remote Windows machines wherever they are, including at home, on the road, or in various sites.
For Forensic Investigators
F-Response Collect includes the ability to create raw and universally readable images of custom files, user profiles, disks, volumes, partitions, and even RAID devices, allowing a Forensic examiner to leverage existing tools, techniques, and methodologies to perform investigations with pinpoint accuracy and precision.
For Incident Handlers/Responders
F-Response Collect includes the ability to create raw and universally readable images of physical memory from remote windows machines.
F-Response Collect Benefits
100% resumable within 50 megabytes of the last upload
F-Response Collect Subjects and the Collect Server work in tandem to maintain a consistent image position and allow imaging operations to resume smoothly (within 50 megabytes of the last upload.)
F-Response Collect offers full MSI creation so examiners and/or admins can create an Microsoft Software Installer that will fit within their environment directly from the console.
Full Live Read-Only Imaging
F-Response Collect provides live, read-only imaging of a remote Windows machine's disks, volumes, and memory. Since all access is either at the physical level or through backup-specific Windows APIs, there should be no file level locking.
All subject data in transit when using F-Response Collect is encrypted using negotiated TLS 1.2 ciphers.
F-Response Collect offers a simple and straight-forward scripting model to provision collections from remote machines without requiring GUI access.
Remote File Share Collection (SMB, NAS, etc.)
F-Response Collect includes support for collecting file and folder content from remote SMB and SFTP shares. This includes both NAS devices, and remote Windows, Linux, and Apple servers. For more details on F-Response's specific SMB and SFTP collection options, please see the appropriate Mission Guide on our Mission Guides and Documentation page.
Cloud Server Collection
F-Response Collect includes support for snapshotting and collecting Amazon EC2 and Azure Compute server volume images. For more details on F-Response's specific EC2 and Azure Compute collection options, please see the appropriate Mission Guide on our Mission Guides and Documentation page.
Cloud Files Collection
F-Response Collect includes support for collecting cloud data from the following providers: Azure Blog Storage, Amazon Simple Storage Services (S3), Box.com for Business, Box.com for Consumers, Dropbox for Business, Dropbox for Consumers, Google Drive for Consumers, Google Mail for Consumers, Google Workspaces (Formerly GSuite), Microsoft OneDrive for Consumers, and Office365 OneDrive. For more details on F-Response's specific Cloud Files collection options, please see the appropriate Mission Guide on our Mission Guides and Documentation page.
Licensing and Usage
F-Response Collect is sold in 1 and 3 year license terms. F-Response Collect has no licensed limit to the number of concurrent examiners or connections (actual performance may vary based on bandwidth, region networks, client systems, etc).
Buy F-Response Collect
F-Response Collect is available in 1 and 3 year license terms and can be purchased directly from F-Response.com. Buy F-Response Collect.
IMPORTANT NOTE: Always remember, all renewal prices are available here on our website, and all licenses of F-Response automatically include maintenance, support, online training, enhancements, implementation assistance, and new releases throughout the term of your license.