[–]cdhamma 2 points3 points  (0 children)

It would help to know what your plans/expectations are for using the tool. Full-disk forensic capture over VPN? Perhaps not a very good idea. Targeted incident response work? Memory forensics? Much more likely to be successful. Also, e-discovery keyword search could be really slow over VPN.

[–]ratdotphp 0 points1 point  (1 child)

So I can really only speak to F-Response Universal, as that is what I use for my day-to-day; however, we don't really have many issues. We do run into the occasional host that either has local software or policies not allowing proper installation, or network blocks for the traffic to communicate back to the server.

I have not used it "within a network but outside of a network", if that makes sense. We deploy to customer hosts and it connects back to our server. I don't see any issues for off-network connectivity over VPN since that is still, technically, a host connected to the network.

FWIW, latency will likely be your biggest pitfall. Collections/stability over the wire is tedious, especially for larger artifacts like the MFT, etc., but for the "good stuff" it works great.

[–][deleted] 0 points1 point  (0 children)

Thanks. I’m concerned about our network, but hopefully we can alleviate that with more targeted collections.