Difference between revisions of "GRR"

From ForensicsWiki
Old revision (edit summary): (Created page with "{{Infobox_Software | name = Rekall | maintainer = Darren Bilby and others | os = {{Cross-platform}} | genre = {{Incident response}} | license = {{APL}} | websi...")

Latest revision (edit summary): m (Publications)

(9 intermediate revisions by the same user not shown)
Line 1: Line 1:
  {{Infobox_Software |
-   name = Rekall |
+   name = GRR |
    maintainer = [[Darren Bilby]] and others |
    os = {{Cross-platform}} |
Line 9: Line 9:
 
  GRR is an Incident Response Framework focused on Remote Live Forensics.
+
+ The disk and file system analysis capabilities of GRR are provided by the [[sleuthkit]] and [[pytsk]] projects.
+
+ The memory analysis and acquisition capabilities of GRR are provided by the [[rekall]] project.
 
  = See also =
+ * [[pytsk]]
  * [[rekall]]
+ * [[sleuthkit]]
 
  = External Links =
Line 17: Line 23:
  * [https://code.google.com/p/grr/wiki/ProjectFAQ Project FAQ]
  * [http://grr.googlecode.com/git/docs/index.html Documentation]
+
+ == Publications ==
+ * [http://static.googleusercontent.com/media/research.google.com/en/us/pubs/archive/37237.pdf Distributed forensics and incident response in the enterprise], by [[Michael Cohen]], [[Darren Bilby]], G. Caronni. Digital Investigation, 2011.
+ * [https://googledrive.com/host/0B9hc84IflFGbN2IwMTUyYTUtMTU0Mi00ZWQ3LWFhNDktM2IyMTg5MmY3OWI0/Hunting%20in%20the%20Enterprise:%20Forensic%20Triage%20and%20Incident%20Response Hunting in the enterprise: Forensic triage and incident response], by [[Andreas Moser]], [[Michael Cohen]], Digital Investigation, 2013.
+ * [https://www.blackhat.com/docs/us-14/materials/us-14-Castle-GRR-Find-All-The-Badness-Collect-All-The-Things-WP.pdf GRR Artifacts], by [[Greg Castle]], Blackhat 2014
+
+ == Presentations ==
+ * [https://googledrive.com/host/0B1wsLqFoT7i2N3hveC1lSEpHUnM/Docs/GRR%20Rapid%20Response%20-%20OSFC%202012.pdf OSDFC 2012 GRR Overview], by [[Darren Bilby]]
+
+ == Workshops ==
+ * [https://drive.google.com/?usp=chrome_app#folders/0B1wsLqFoT7i2eU1jU0JldW9JUU0 OSDFC workshop 2013], by [[Darren Bilby]]

Latest revision as of 01:34, 26 August 2014

GRR
Maintainer: Darren Bilby and others
OS: Cross-platform
Genre: Incident Response
License: APL
Website: code.google.com/p/grr/

GRR is an Incident Response Framework focused on Remote Live Forensics.

The disk and file system analysis capabilities of GRR are provided by the sleuthkit and pytsk projects.

The memory analysis and acquisition capabilities of GRR are provided by the rekall project.

See also

External Links

Publications

Presentations

Workshops