Difference between pages "Defense Cyber Crime Institute" and "GRR"

From ForensicsWiki
(Difference between pages)
(Outreach moved to FX)
 
(See also)
 
Line 1: Line 1:
The '''Defense Cyber Crime Institute''', or '''DCCI''', is the Research and Development section of the [[Defense Cyber Crime Center]] based in Linthicum, Maryland. They not only develop new tools, but also rigorously test existing tools to make sure they meet the standards for DoD investigations. The DCCI consists of four branches:
+
{{Infobox_Software |
* Research, Development, Testing & Evaluation - Develops new tools and tests exitsing ones.
+
  name = Rekall |
* Analysis and Assessment
+
  maintainer = [[Darren Bilby]] and others |
* Plans and Policy
+
  os = {{Cross-platform}} |
 +
  genre = {{Incident response}} |
 +
  license = {{APL}} |
 +
  website = [https://code.google.com/p/grr/ code.google.com/p/grr/] |
 +
}}
  
== DCCI Reports ==
+
GRR is an Incident Response Framework focused on Remote Live Forensics.
Reports generated by the DC3 are available to US government agencies and law enforcement organizations. Members of these agencies can request copies at any time. [[:Category:Vendor|Vendors]] can request that the DCCI evaluate their products too.
+
  
== DCCI Dispatch ==
+
The disk and file system analysis capabilities of GRR are provided by the [[sleuthkit]] and [[pytsk]] projects.
The DCCI dispatch is a post-only mailing list, updated once a day, with news stories relating to computer crime investigations, the Department of Defense and the U.S. Government. Anyone can subscribe to the list via the [http://dc3.mil/dcci/dispatch.htm DCCI Dispatch website].
+
  
== External Links ==
+
The memory analysis and acquisition capabilities of GRR are provided by the [[rekall]] project.
* [http://dc3.mil/dcci/dcci.htm Official website]
+
 
 +
= See also =
 +
* [[pytsk]]
 +
* [[rekall]]
 +
* [[sleuthkit]]
 +
 
 +
= External Links =
 +
* [https://code.google.com/p/grr/ Project site]
 +
* [https://code.google.com/p/grr/wiki/ProjectFAQ Project FAQ]
 +
* [http://grr.googlecode.com/git/docs/index.html Documentation]
 +
 
 +
== Publications ==
 +
* [http://static.googleusercontent.com/media/research.google.com/en/us/pubs/archive/37237.pdf Distributed forensics and incident response in the enterprise], by [[Michael Cohen]], [[Darren Bilby]], G. Caronni. Digital Investigation, 2011.
 +
* [https://googledrive.com/host/0B9hc84IflFGbN2IwMTUyYTUtMTU0Mi00ZWQ3LWFhNDktM2IyMTg5MmY3OWI0/Hunting%20in%20the%20Enterprise:%20Forensic%20Triage%20and%20Incident%20Response Hunting in the enterprise: Forensic triage and incident response], by [[Andreas Moser]], [[Michael Cohen]], Digital Investigation, 2013.
 +
 
 +
== Presentations ==
 +
* [https://googledrive.com/host/0B1wsLqFoT7i2N3hveC1lSEpHUnM/Docs/GRR%20Rapid%20Response%20-%20OSFC%202012.pdf OSDFC 2012 GRR Overview], by [[Darren Bilby]]
 +
 
 +
== Workshops ==
 +
* [https://drive.google.com/?usp=chrome_app#folders/0B1wsLqFoT7i2eU1jU0JldW9JUU0 OSDFC workshop 2013], by [[Darren Bilby]]
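Review bot: the added infobox sets "name = Rekall", but the website field, the lead sentence ("GRR is an Incident Response Framework ...") and every link on the new side describe GRR, so the name field should read GRR. The added "= See also =" and "= External Links =" headings are also level 1 while "== Publications ==", "== Presentations ==" and "== Workshops ==" are level 2; use "==" for all five so the sections nest consistently.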

Revision as of 14:36, 12 January 2014

Rekall
Maintainer: Darren Bilby and others
OS: Cross-platform
Genre: Incident Response
License: APL
Website: code.google.com/p/grr/

GRR is an Incident Response Framework focused on Remote Live Forensics.

The disk and file system analysis capabilities of GRR are provided by the sleuthkit and pytsk projects.

The memory analysis and acquisition capabilities of GRR are provided by the rekall project.

See also

External Links

Publications

Presentations

Workshops