MANDIANT First Response is a free software to perform a live investigation locally or over the network. So it could be interesting to deploy the program in an enterprise environment.
Version 1.1. introduces SSL to ensure authenticity and confidentiality on the connecton between the workstation and the host under examination.
Further information is available from MANDIANT, the program is available from c|net.
I'm going to test the program during the next days and will report back here shortly.
05/13/2006: And here is my first experience with First Response.
12/21/2006: Symantec issued a security advisory about First Response. Mandiant provides a fixed version (1.1.1).
