ForeignSix IR — Remote Incident Response Orchestration
Self-hosted forensic acquisition over a private WireGuard mesh — for cybersecurity professionals, incident responders, and digital forensic analysts.
ForeignSix IR is a modern, self-hosted incident response orchestration platform that allows you to acquire forensic disk images from any machine, anywhere in the world, without shipping hardware or flying analysts on-site. Deploy lightweight agents on Windows, Linux, or macOS endpoints. Your IR server, running on infrastructure you control, manages the agents, schedules acquisitions, verifies data integrity, and produces a court-ready Chain-of-Custody form at the end of every job.
Evidence data travels over an end-to-end encrypted WireGuard mesh directly between your agents and your server. ForeignSix operates no relay servers and has no access to your forensic data at any time. This is not a policy claim — it is a verifiable architectural property of the system.
Key Features
- Cross-Platform Agents — Self-contained agent binaries for Windows, Linux, and macOS. No dependencies, no installers, no configuration files required on the endpoint.
- Private WireGuard Mesh Network — Agents and the IR server discover each other automatically through a kernel-native WireGuard mesh, even behind NATs and firewalls. No VPN infrastructure, no certificate authority, no port forwarding required.
- Triple-Hash Integrity Verification — MD5, SHA-1, and SHA-256 checksums are computed in real time by the agent as the disk is imaged, then independently verified by the server against the incoming data stream. Silent corruption is impossible.
- Court-Ready Chain-of-Custody Form — Every completed acquisition generates a cryptographically signed Chain-of-Custody form documenting the full evidence chain from source to server, ready for legal proceedings.
- Disk Space Visibility — Before triggering an acquisition, see the exact free and total disk space on every connected agent endpoint so there are no surprises mid-job.
- Resumable Transfers — If a transfer is interrupted by a network failure or system restart, it picks up exactly where it left off. No wasted bandwidth, no starting over from zero.
- Scheduled Acquisitions — Queue an acquisition job with a delayed start time. The agent runs it unattended at the scheduled moment, even if the analyst is offline.
- Offline Agent Detection — The server continuously monitors agent heartbeats and surfaces any agent that stops responding, so you always have a live view of your deployed fleet.
- Bottleneck Detection — Real-time pressure monitoring across disk I/O, CPU, and network surfaces the limiting resource during an acquisition so you can act on it immediately.
- Case Management — Organise evidence by Case ID and evidence name, with full analyst attribution tracked end-to-end from acquisition to report.
How It Works
ForeignSix IR is deployed in three steps. First, you run the IR server binary on any machine you control — a cloud instance, an on-premises server, or a laptop on your local network. The server prints its address and starts listening for agents. Second, you deploy agent binaries to the endpoints you want to investigate. Each agent connects to the IR server automatically over the private WireGuard mesh using only the licence key — no manual network configuration. Third, you open the IR server web application in your browser to see your connected agents, review their disk inventories, and trigger acquisitions.
From the moment an acquisition begins, the agent streams compressed disk data directly to your server, computing checksums in real time. You can monitor progress, pause, and resume from the web interface. When the job completes, the server verifies all three checksums and generates the Chain-of-Custody form automatically.
Who Uses ForeignSix IR
ForeignSix IR is designed for organisations that need to conduct remote digital forensic acquisition at scale: managed security service providers (MSSPs), enterprise incident response teams, digital forensics and eDiscovery firms, law enforcement and government forensic units, and internal security teams at regulated enterprises in finance, healthcare, and critical infrastructure. Because the platform is entirely self-hosted, it is particularly well suited to environments with strict data residency, air-gap, or legal privilege requirements.
Pricing
- Free Trial — $0. Includes 3 acquisitions, 1 persistent agent, single-user access, full hash verification, and a Chain-of-Custody form. No credit card required.
- Pro — $299 per month (or $2,990 per year, saving two months). Up to 25 agents, 3 analyst seats, unlimited acquisitions, full reporting, and priority support.
- Enterprise — Starting at $1,500 per month. Unlimited agents and analyst seats, SSO/SAML integration, audit logging, API access, custom deployment assistance, and dedicated 24/7 support.
All plans are self-hosted. You run the IR server on your own infrastructure. ForeignSix never has access to your evidence data at any tier.
About ForeignSix LLC
ForeignSix LLC is an American technology company incorporated in the State of Delaware, United States. We build professional software for cybersecurity practitioners who operate in high-stakes, evidence-sensitive environments. Our engineering philosophy is that forensic platforms should be architecturally incapable of exposing your evidence to anyone other than you — not merely contractually prohibited from doing so.
Cookie Notice
This website uses only strictly necessary cookies. A short-lived session token is stored in a browser cookie solely to authenticate authorised administrators to the admin dashboard. This cookie is not set for regular visitors and is not used for tracking, analytics, advertising, or any purpose beyond authentication.
We do not use Google Analytics, advertising networks, social media tracking pixels, or any third-party behavioural tracking technologies. No consent is required for strictly necessary cookies under applicable privacy regulations (GDPR Article 5(3) / ePrivacy Directive). For full details, please read our Privacy Policy.
Legal
- Privacy Policy — How we collect, use, and protect your personal information, including your rights under GDPR and CCPA.
- About ForeignSix — Company background, mission, and registered details.