Difference between pages "Malware" and "GRR"

From ForensicsWiki

Page "Malware":

'''Malware''' is a short version of '''Malicious Software'''.

Malware includes computer viruses, worms, trojan horses, spyware, etc.

== Virus ==
A computer program that can automatically copy itself and infect a computer.

== Worm ==
A self-replicating computer program that can automatically infect computers on a network.

== Trojan horse ==
A computer program which appears to perform a certain action, but actually performs other, hidden actions.

== Spyware ==
A computer program that can automatically intercept or take partial control over the user's interaction.

== See Also ==
* [http://en.wikipedia.org/wiki/Malware Wikipedia entry on malware]
* [http://www.viruslist.com/ Viruslist.com]
* [http://code.google.com/p/androguard/wiki/DatabaseAndroidMalwares Androguard]: A list of recognized Android malware

[[Category:Malware]]

Page "GRR":

{{Infobox_Software |
  name = Rekall |
  maintainer = [[Darren Bilby]] and others |
  os = {{Cross-platform}} |
  genre = {{Incident response}} |
  license = {{APL}} |
  website = [https://code.google.com/p/grr/ code.google.com/p/grr/] |
}}

GRR is an Incident Response Framework focused on Remote Live Forensics.

The disk and file system analysis capabilities of GRR are provided by the [[sleuthkit]] and [[pytsk]] projects.

The memory analysis and acquisition capabilities of GRR are provided by the [[rekall]] project.

= See also =
* [[pytsk]]
* [[rekall]]
* [[sleuthkit]]

= External Links =
* [https://code.google.com/p/grr/ Project site]
* [https://code.google.com/p/grr/wiki/ProjectFAQ Project FAQ]
* [http://grr.googlecode.com/git/docs/index.html Documentation]

== Publications ==
* [http://static.googleusercontent.com/media/research.google.com/en/us/pubs/archive/37237.pdf Distributed forensics and incident response in the enterprise], by [[Michael Cohen]], [[Darren Bilby]], G. Caronni. Digital Investigation, 2011.
* [https://googledrive.com/host/0B9hc84IflFGbN2IwMTUyYTUtMTU0Mi00ZWQ3LWFhNDktM2IyMTg5MmY3OWI0/Hunting%20in%20the%20Enterprise:%20Forensic%20Triage%20and%20Incident%20Response Hunting in the enterprise: Forensic triage and incident response], by [[Andreas Moser]], [[Michael Cohen]], Digital Investigation, 2013.

== Presentations ==
* [https://googledrive.com/host/0B1wsLqFoT7i2N3hveC1lSEpHUnM/Docs/GRR%20Rapid%20Response%20-%20OSFC%202012.pdf OSDFC 2012 GRR Overview], by [[Darren Bilby]]

== Workshops ==
* [https://drive.google.com/?usp=chrome_app#folders/0B1wsLqFoT7i2eU1jU0JldW9JUU0 OSDFC workshop 2013], by [[Darren Bilby]]

Revision as of 15:36, 12 January 2014
