Your Mission: Connect to a remote Apple target(s) disk using F-Response Enterprise Edition.

Similar documents
Your Mission: Connect to a remote Linux target(s) disk using F-Response Consultant Edition.

Mission Guide: Covert Deploy

All Versions Users Manual All Versions. Version 5.0.1

Bitnami Apache Solr for Huawei Enterprise Cloud

MassTransit 6.0 Installation Guide for Enterprise and Professional Servers on Macintosh

Configuring Cross Platform Monitoring Using System Centre Operation Manager 2007 R2

Provides a complete breakdown of leveraging F-Response to perform expert remote e-discovery, computer forensics, and incident response.

RED IM Integration with Bomgar Privileged Access

Mission Guide: GUI Windows

IMS Troubleshooter Application. IMS Troubleshooter Application

QuickStart Guide for Managing Computers. Version

MassTransit Server Installation Guide for Windows

Bitnami MEAN for Huawei Enterprise Cloud

Bitnami JRuby for Huawei Enterprise Cloud

Backup using Quantum vmpro with Symantec Backup Exec release 2012

IT Essentials v6.0 Windows 10 Software Labs

Encrypting virtual pattern data with IBM Encryption Pattern for Security First SPxBitFiler-IPA

Dell License Manager Version 1.2 User s Guide

Bitnami ProcessMaker Community Edition for Huawei Enterprise Cloud

QuickStart Guide for Managing Computers. Version

Immersion Day. Getting Started with Windows Server on. Amazon EC2. Rev

Xton Access Manager GETTING STARTED GUIDE

Ansible Tower Quick Setup Guide

QuickStart Guide for Managing Computers. Version 9.73

QuickStart Guide for Managing Computers. Version 9.32

BusinessObjects Enterprise / Crystal Reports Server XI R1 and R2

Upgrading Software and Firmware

License Server Administrator Guide How to configure and manage a license server for sharable licenses

Dell EMC ME4 Series vsphere Client Plug-in

EM L04 Using Workflow to Manage Your Patch Process and Follow CISSP Best Practices

Freshservice Discovery Probe User Guide

WORKSHARE PROFESSIONAL 9 DOWNLOADING AND LICENSING GUIDE

Web Console Setup & User Guide. Version 7.1

Agent and Agent Browser. Updated Friday, January 26, Autotask Corporation

User Guide. Version R95. English

Getting started with System Center Essentials 2007

Installing Double-Take

Altiris Client Management Suite 7.1 from Symantec User Guide for Mac Management

New World ERP-eSuite

Upgrade Tool Guide. July

Application Servers - Installing SAP Web Application Server

Automic Agent Deployment and Upgrade Toolkit. How-To Documentation

Version Installation Guide. 1 Bocada Installation Guide

Bitnami Dolibarr for Huawei Enterprise Cloud

Troubleshooting Cisco DCNM

SOA Software API Gateway Appliance 6.3 Administration Guide

This job aid will show Portal Administrators and users how to perform self-serve tasks for their account.

OPC UA Configuration Manager Help 2010 Kepware Technologies

McAfee MER for EPO 3.1 Walkthrough Guide. About this guide This guide provides information on how to use McAfee MER for EPO 3.1.

VI. Corente Services Client

OpenStack Havana All-in-One lab on VMware Workstation

ForeScout CounterACT. Plugin. Configuration Guide. Version 2.1

etime Version 8.0 Hourly Non-Exempt Employee Instruction Manual

Immersion Day. Getting Started with Windows Server on Amazon EC2. June Rev

Important notice regarding accounts used for installation and configuration

Manual Ftp Windows Server 2008 Firewall Settings Group Policy

Learners Guide. Overview. Introduction. How do I log in to ecooper University? Welcome to the ecooper University Learners Guide!

CazCoin VPS Masternode Setup December 2018

CounterACT VMware vsphere Plugin

OPC UA Configuration Manager PTC Inc. All Rights Reserved.

EntraPass Installation Guide Kantech-OnBoard systems

Likewise Enterprise Administrators Guide

PigCHAMP Knowledge Software. Enterprise Edition Installation Guide

Bitnami Coppermine for Huawei Enterprise Cloud

Tanium Discover User Guide. Version 2.x.x

GSS Administration and Troubleshooting

Administration Guide

VII. Corente Services SSL Client

WhatsConfigured v3.1 User Guide

Function. Description

Support Backups and Secure Transfer Server Changes - i-cam

Configuring Cisco TelePresence Manager

Installation Guide. Mobile Print for Business version 1.0. July 2014 Issue 1.0

Distributed Processing

Setting up PuTTY. CTEC1767 Data Communications & Networking CTEC1863 Operating Systems CTEC1906 Internet Computing

IDENTITY MANAGEMENT & SINGLE SIGN-ON (SSO) HELP GUIDE UPDATED JUNE 2018

This guide details the deployment and initial configuration necessary to maximize the value of JetAdvantage Insights.

HPE ilo mobile app for ios

SUREedge MIGRATOR INSTALLATION GUIDE FOR VMWARE

Lab 1: Accessing the Linux Operating System Spring 2009

Bitnami Piwik for Huawei Enterprise Cloud

CounterACT VMware vsphere Plugin

Immersion Day. Getting Started with Linux on Amazon EC2

Amalgamated Investment Management (AIM) User Manual

EntraPass (W10) Installation Guide Kantech-OnBoard systems

Moving HRtrack to a new computer

Dell EMC Repository Manager Version 3.0. User s Guide

Bitnami MySQL for Huawei Enterprise Cloud

BitLocker Encryption for non-tpm laptops

Simplifying Blade Server Update with Dell Repository Manager

Aspera Connect Windows XP, 2003, Vista, 2008, 7. Document Version: 1

Aspera Connect Mac: OS X 10.6, 10.7, 10.8, Revision: Generated: 11/11/ :29

Remote Access Via Remote Desktop

The following sections describe the various menu options.

PAN 802.1x Connector Application Installation Guide

The following topics explain how to get started configuring Firepower Threat Defense. Table 1: Firepower Device Manager Supported Models

Tanium IaaS Cloud Solution Deployment Guide for Microsoft Azure

ForeScout Extended Module for Advanced Compliance

Bitnami Tiny Tiny RSS for Huawei Enterprise Cloud

MaaS360.com. MaaS360 On-Premises. Database Virtual Appliance Setup Guide

Transcription:

Your Mission: Connect to a remote Apple target(s) disk using F-Response Enterprise Edition. Note: This guide assumes you have installed F-Response Enterprise Edition, your F-Response licensing dongle is plugged into your analyst machine, the F-Response License Manager Monitor is installed and running, and the F- Response Enterprise Management Console (FEMC) has been started. Remote Login (SSH) should be enabled on the Apple target(s). For more information, please reference the F-Response User Manual, or the F-Response Enterprise Edition Training Video on the F-Response Website. F-Response supports deployment to Apple platforms via the F-Response Enterprise Management Console (FEMC). The easiest way to deploy the F-Response target code is by using the FEMC as demonstrated below. Step 1: Ready the Console! Before using the FEMC some configuration is required. You will need to configure the Deployment Options Configure, and Credentials Configure windows. The details can be found in the F- Response Manual, but to accomplish our mission as quickly as possible here are some quick configuration suggestions: In the FEMC go to File Configure Options and the Deployment Options Configure window will open. Good news, some of the work here has already been done for you, and typically once you input this information you won t need to change it again. You ll only need to fill in the Host Configuration and Windows Service Install Configuration sections. Under Host Configuration, enter a username and password for F- Response to use while communicating with your Apple target machine(s). You can make it anything you would like. Leave the TCP port default at 3260 and ignore the box for Physical Memory as this is not an option for Apple targets. Under F-Response Windows Service Install Configuration you will need to enter in a Service Name and Description (your choice entirely) and select the Windows version of F-Response as the Executable. If you installed F-Response with the standard defaults you can browse to the C:\Program Files\F-Response\F-Response Enterprise Edition directory and choose the f-response-ent.exe file. This will unlock access to the scanning options in later steps. The IP Address of your License Manager (your analyst machine s IP) and default port of 5681 will automatically populate under the Validation Configuration section. The Unix Platform Specific Deployment Options portion of the window (the lower half) allows you to make temporary exceptions to the Apple firewall for your environment, run scripts, and set additional targets. The defaults provided here should be sufficient such that no action is needed unless you suspect the need to reset to the factory defaults. You can do this by selecting Apple OSX from the platform list and clicking the Reset Current button. Configuration of the firewall, scripts, and additional targets are beyond the scope of this mission guide.

Next you need to configure your Apple login credentials to deploy to your Apple target machine(s). In the FEMC go to File Configure Credentials and the Credentials Configure window will open: Here we are only concerned with the Unix Credentials, the lower half of the window. F-Response uses SSH/SFTP to access Apple targets. Unix Credentials are covered in detail in Appendix E of the F-Response Manual, but here is a quick overview to accomplish your mission. Generally there are two types of Apple accounts for our purposes: the all powerful administrator root account, and a general user account that can assume root privileges for a time. The Root account on Apple machines is disabled by default so most likely this is not an option. Given the power of the Root account, it is more likely you will be using a general user account that will assume root privileges. For Apple machines, we can accomplish this using Sudo. Sudo, or SuperUser Do, is used to execute a command as the Root administrator. To configure F-Response to deploy to your Apple target using sudo: Check the box for User in the User Account section and enter your account name. Choose sudo from the Assume Root drop down box. Check the box for both User Password and enter the password. Click the Add button to add the account to the list of credentials for F-Response. Once you have configured your deployment settings and login credentials you are ready to use F-Response to connect to your Apple target(s). Step 2: Scan for target Apple machines In the FEMC there are several ways to scan for your Apple target machine(s). For our purposes, we assume you already have a list of machines you would like to connect to so we are going to use the custom scan option. In the FEMC choose Custom Scan from the Scan menu, enter your Apple machine name(s) or IP address each separated by a comma. This data is retained so you may need to clear out any old information first. Click OK to have F-Response start scanning.

Step 3: Deploy and start F-Response on your target When the scan completes, Apple machines can be identified in the list by the F- Response Apple icon: To deploy the F-Response target code to a Apple machine, highlight and right click on it then select Install/Start F-Response. The Install/Start option will Deploy, Start, and Discover target disks on the remote Apple machine in a single step. deployment drop down menu. The F-Response badge will appear in green indicating F-Response is now running on your target. If you have several Apple targets you need to install F- Response on, you can highlight them all under the deployment tab and choose Install/Start F-Response from the Step 4: Connect to disk(s) on your Apple target(s) Once F-Response is installed and running on your target machines, as seen by the icons with green badges can find, connect, and open a write-blocked connection to the disk(s)., you The list of potential targets will be listed under the Connect tab. Here you can pick what disk(s) to connect to by highlighting and choosing Login to F-Response Disk from the Connect drop down or right click menus. Once you log into the target disk the F- Response badge icon will change from gray to blue and the Connected status column will show as Connected.

Step 5: Fire up the tool of your choice! F-Response is a vendor neutral product. Once F-Response presents the remote target disk as a write-blocked local connection, we step out of your way so that you can select the right tool to get your job done. At this point, you can reach into your toolbox and apply the tool of your choice to the target disk(s). Good luck in your future mission. Understanding F-Response Naming F-Response uses the following naming convention for target disks: iqn.2008-02.com.f-response.hostname.o/s disk name We are only concerned with the HOSTNAME.O/S disk name portion of the name. HOSTNAME is the name of your Apple target machine. If you only know the IP address a quick glance back at the Active Clients tab will help you tie the hostname to the address. For the O/S disk name, Apple identifies hard disks using the format rdisk#. The x portion is a number, starting with zero, representing the order the Apple O/S added the drive. For example: This target is the first physical drive on the Apple machine named myapple. Troubleshooting F-Response says I m connected to the remote disk, yet I cannot see it in Explorer? Correct, while your Windows analysis machine can only read FAT and NTFS, Apple most likely is using the one of the Apple standard HFS+ file system formats. To view the disk you will need use one of your third party tools. My Apple target shows in the scan list, yet it does not appear under the deployment tab? You just need to refresh the full view by double-clicking the root of the scan tree. I can deploy F-Response to my target machines, but when I try to start it I get an error telling me it could not connect to Validation server? Check your license manager is bound to the correct local IP address on your analyst machine. I am unable to connect to the remote F-Response Apple target, it just shows up with a question mark. Check the Messages tab. It s possible the credentials are configured incorrectly. Note that your Apple user account must have a password to use sudo and cannot be blank. F-Response is still telling me it is unable to connect to the remote target? You may want to test your credentials without F-Response. Trying using a tool like PuTTy to connect to your target machine using SSH (remember SSH and SFTP must be enabled on the target machine).

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback