Responder LE (Law Enforcement Exclusive)

THIS RESPONDER SUITE IS OFFERED TO LAW ENFORCEMENT ORGANIZATIONS AT MORE THAN A 75% DISCOUNT!

Catching cybercriminals today requires investigators to perform difficult and time-consuming memory forensics while simultaneously locating, or ruling out, advanced malware infections — not an easy task. Law enforcement agency budgets have been severely cut due to the economic recession. To meet these challenges, HBGary offers Responder™ LE exclusively for law enforcement at a significantly discounted price.



You must have a badge to obtain Responder LE.



Memory Preservation

FDPro™ is included with Responder™ LE and is the industry’s most complete memory acquisition software utility, designed to preserve Windows™ physical memory for information security and computer forensic purposes. FDPro™ supports all versions of Windows™ operating systems and service packs, 32- and 64-bit, including systems with more than 4 GB of RAM. FDPro™ also supports acquisition of the Windows™ pagefile following the acquisition of RAM and other useful tricks for a more thorough memory investigation.

Today, if you’re not doing memory analysis as part of your computer case, you are not doing a complete investigation. Don’t lose your court case because you didn’t perform a complete computer investigation. The Field Edition includes memory preservation, diagnosis and reporting.

Operating System Information:

Running processes and modules
Open files
Network connections and listening ports
Open registry keys
Interrupt Descriptor Table
System Service Descriptor Table

Application Information:

Passwords in clear text
Unencrypted data
Instant messenger chat sessions
Document data
Web-based email
Outlook email

Maleware Detection:

Keystroke loggers
Rootkits
Trojans
Bots
Banking Trojans
Polymorphic code

Preservation of Windows Physical Memory and Pagefile:

FastDump Pro enables investigators and security analysts to easily "freeze the live memory" on workstations and servers. Pagefile acquisition support, 64-bit support, and FastDump Pro also provide process probing, compression, speed upgrades, and nearly 100% reliable memory-page queries for systems with more than 4GB of RAM.

Memory Analytics:

Responder Field Edition provides the most thorough and comprehensive memory analysis capability in the industry. Responder virtually rebuilds all the underlying data structures in RAM. This includes all physical to virtual address mappings, recreates the object manager, exposes all objects, and enables investigators to perform a complete and comprehensive computer investigation.

Field edition tree view and all processes view:

Memory Analysis can expose the following types of information::

Operating System Information

Running processes
Open files
Network connections and listening ports
Open registry keys per process
Interrupt Descriptor Table
System Service Descriptor Table

Application information

Passwords in clear text
Unencrypted data
Instant messenger chat sessions
Document data
Web based email
Outlook email

Malware Detection

Keystroke logging
Rootkits & Trojans


The HBGary Responder™ platform is designed to perform a comprehensive and complete live Windows memory investigation. Responder allows analysts and investigators to easily preserve the entire contents of live memory and the Pagefile on Windows operating systems in a forensically sound manner. Responder then analyzes and diagnoses the memory image to reveal operating system, user, and application information critical to computer investigations.

Harvested information includes both kernel and user-mode objects, structures, binaries, and other useful artifacts. When malicious or suspect applications, drivers, and other executables are found Responder can seamlessly extract the file(s) from the memory image retaining portable executable (PE) structure so they can be further diagnosed, executed, and monitored in their unpacked state.

This methodology allows Responder to defeat many packers and other obfuscation techniques used by malware writers. Following binary extraction, analysts can utilize Responder’s reverse engineering engine to perform static and runtime disassembly to rapidly identify stealth activity, file system changes, registry modifications, network activity, encryption/decryption routines and other malicious code actions.

Analysts requiring even deeper understanding of malware or suspicious applications can perform binary and runtime forensic analysis with run trace, data flow tracing, and debugging capabilities. Lots of information can be found in memory, malware, chat sessions, registry keys, encryption keys, socket information and more. Responder™ Professional provides an easy to use GUI that allows you rapid recovery of this type of information. The GUI is designed to support investigation workflow NO DIFFICULT COMMAND LINE interface. Responder allows every investigator to be successful with minimal effort.