Responder Field

Are You Performing Complete Memory Investigation?
Responder™ Field Edition: A complete Windows Memory™ Investigation Suite. A must-have tool for all computer forensic investigators, law enforcement and information security professionals.

Today, if you’re not doing memory analysis as part of your computer case, then you’re not doing a complete investigation. Don’t lose in court because you didn’t perform a complete computer investigation. Includes: memory preservation, diagnosis and reporting.


Preservation Of Windows Physical Memory And Pagefile
FastDump Pro enables investigators and security analysts to easily “freeze the live memory” on workstations and servers. In addition to pagefile acquisition and 64-bit support, FastDump Pro provides process probing, compression, speed upgrades, and nearly 100% reliable memory-page queries for systems with more than 4GB of RAM.


Memory Analytics
Responder FE provides the most thorough and comprehensive memory analysis capability in the industry. Responder virtually rebuilds all the underlying data structures in RAM: it reconstructs all physical-to-virtual address mappings, recreates the object manager, exposes all objects, and enables investigators to perform a complete and comprehensive computer investigation.

Product Features

  • Operating System Information
    • Running processes
    • Open files
    • Network connections and listening ports
    • Open registry keys per process
    • Interrupt Descriptor Table
    • System Service Descriptor Table
  • Application Information
    • Passwords in clear text
    • Unencrypted data
    • Instant messenger chat sessions
    • Document data
    • Web based email
    • Outlook email
  • Malware Detection
    • Keystroke logging
    • Rootkits & Trojans


The HBGary Responder™ platform is designed to perform a comprehensive and complete live Windows memory investigation. Responder allows analysts and investigators to easily preserve the entire contents of live memory and the pagefile on Windows operating systems in a forensically sound manner. Responder then analyzes and diagnoses the memory image to reveal operating system, user, and application information critical to computer investigations. Harvested information includes both kernel- and user-mode objects, structures, binaries, and other useful artifacts. When malicious or suspect applications, drivers, and other executables are found, Responder can seamlessly extract the file(s) from the memory image while retaining their portable executable (PE) structure, so they can be further diagnosed, executed, and monitored in their unpacked state.

This methodology allows Responder to defeat many packers and other obfuscation techniques used by malware writers. Following binary extraction, analysts can use Responder’s reverse engineering engine to perform static and runtime disassembly to rapidly identify stealth activity, file system changes, registry modifications, network activity, encryption/decryption routines and other malicious code actions.

Analysts requiring an even deeper understanding of malware or suspicious applications can perform binary and runtime forensic analysis with run trace, data flow tracing, and debugging capabilities.