What is F-Response Collect?
Collect is the newest server-based product provided by F-Response designed to create images of remote Windows devices, user profiles, and custom file collections from virtually anywhere.
Collect was built and designed during the pandemic for "trustless" and "vpnless" organizations struggling with the last mile, i.e. collecting data from Windows computers that never connect directly to their main network.
Collect is a fully scriptable and automated image collection system built and designed to provide robust, rapid, and automatically resuming forensic collection.
How does F-Response Collect work?
Collect is a server-based solution. It provides a central, secure repository that remote subject computers connect to on a periodic interval to determine if a forensic collection is necessary. Should the examiner or admin request such a collection, and configure the necessary target(s), (Targets may be disks, volumes, profiles, or custom file collections) the subject will begin compressing, encrypting, and uploading the contents to the server.
F-Response Collect is sold in 1 and 3 year license durations.
What are the advantages of F-Response Collect?
Collect represents a considerable shift in the core F-Response model. Unlike other offerings in the F-Response product suite, Collect does not provide direct access to the remote subject, instead it uses a disconnected tasking model. Collect Subjects were designed from the ground up for loss of connectivity. This means they will resume automatically in the event of a network drop, reboot, or loss of operation event. For a complete summary of the F-Response product suite see the Product Matrix.
Who would use F-Response Collect?
For E-Discovery Professionals
F-Response Collect was designed to give litigation teams extended geographic and technical reach to collect from remote Windows machines wherever they are, including at home, on the road, or in various sites.
For Forensic Investigators
F-Response Collect includes the ability to create raw and universally readable images of custom files, user profiles, disks, volumes, partitions, and even RAID devices, allowing a Forensic examiner to leverage existing tools, techniques, and methodologies to perform investigations with pinpoint accuracy and precision.
F-Response Collect In Action
F-Response Collect - Windows
F-Response Collect Benefits
100% resumable within 10 megabytes of the last upload
F-Response Collect Subjects and the Collect Server work in tandem to maintain a consistent image position and allow imaging operations to resume smoothly (within 10 megabytes of the last upload.)
F-Response Collect offers full MSI creation so examiners and/or admins can create an Microsoft Software Installer that will fit within their environment directly from the console.
Full Live Read-Only Imaging
F-Response Collect provides live, read-only imaging of a remote Windows machine's disks and volumes. Since all access either at the physical level or through bkackup-specific Windows APIs, there should be no file level locking.
All subject data in transit when using F-Response Collect is encrypted using negotiated TLS1.2 ciphers.
F-Response Collect offers a simple and straight-forward scripting model to provision collections from remote machines without requiring GUI access.
Licensing and Usage
F-Response Collect is sold in 1 and 3 year license terms. F-Response Collect has no licensed limit to the number of concurrent examiners or connections (actual performance may vary based on bandwidth, region networks, client systems, etc).
Buy F-Response Collect
F-Response Collect is available in 1 and 3 year license terms and can be purchased directly from F-Response.com. Buy F-Response Collect.
IMPORTANT NOTE: Always remember, all renewal prices are available here on our website, and all licenses of F-Response automatically include maintenance, support, online training, enhancements, implementation assistance, and new releases throughout the term of your license.