
Difference between pages "Second Look" and "GRR"

'''Second Look'''

{{Infobox_Software |
   name = Volatility |
   maintainer = Raytheon Pikewerks |
   os = {{Linux}} |
   genre = [[Memory analysis]] |
   license = commercial |
   website = [http://secondlookforensics.com/ secondlookforensics.com/] |
}}

[[File:second_look_logo.png]]

The Incident Response edition of '''Second Look®: Linux Memory Forensics''' is designed for use by investigators who need quick, easy, and effective Linux memory acquisition and analysis capabilities.

== Memory Acquisition ==

Second Look® preserves the volatile system state, capturing evidence and information that does not exist on disk and may otherwise be lost as an investigation proceeds. A command-line script allows for acquisition of memory from running systems without introducing any additional software. A memory access driver is provided for use on systems without a native interface to physical memory.

== Memory Analysis ==

Second Look® interprets live system memory or captured memory images, detecting and reverse engineering malware, including stealthy kernel rootkits and backdoors. A kernel integrity verification approach is utilized to compare the Linux kernel in memory with a reference kernel. Pikewerks provides thousands of reference kernels derived from original distribution kernel packages, and a script for creating reference kernels for other systems, such as those running custom kernels.

Second Look® also applies an integrity verification approach for the analysis of each process in memory. This enables it to detect unauthorized applications as well as stealthy user-level malware.

== Supported Systems ==

Second Look® is regularly updated to support analysis of the latest kernels and the most commonly used Linux distributions. The following are its capabilities as of April 2012:

* Supported target kernels: 2.6.x, 3.x up to 3.2
* Supported target architectures: x86 32- and 64-bit
* Supported target distributions: Debian 4-6, RHEL/CentOS 4-6, Ubuntu 4.10-12.04, and more!

== External Links ==

Second Look® is a product of [[Raytheon Pikewerks Corporation]]:

* http://secondlookforensics.com

'''GRR'''

{{Infobox_Software |
   name = Rekall |
   maintainer = [[Darren Bilby]] and others |
   os = {{Cross-platform}} |
   genre = {{Incident response}} |
   license = {{APL}} |
   website = [https://code.google.com/p/grr/ code.google.com/p/grr/] |
}}

GRR is an Incident Response Framework focused on Remote Live Forensics.

= See also =

* [[rekall]]

= External Links =

* [https://code.google.com/p/grr/ Project site]
* [https://code.google.com/p/grr/wiki/ProjectFAQ Project FAQ]
* [http://grr.googlecode.com/git/docs/index.html Documentation]

== Publications ==

* [http://static.googleusercontent.com/media/research.google.com/en/us/pubs/archive/37237.pdf Distributed forensics and incident response in the enterprise], by [[Michael Cohen]], [[Darren Bilby]], G. Caronni. Digital Investigation, 2011.
* [https://googledrive.com/host/0B9hc84IflFGbN2IwMTUyYTUtMTU0Mi00ZWQ3LWFhNDktM2IyMTg5MmY3OWI0/Hunting%20in%20the%20Enterprise:%20Forensic%20Triage%20and%20Incident%20Response Hunting in the enterprise: Forensic triage and incident response], by [[Andreas Moser]], [[Michael Cohen]]. Digital Investigation, 2013.

== Presentations ==

* [https://googledrive.com/host/0B1wsLqFoT7i2N3hveC1lSEpHUnM/Docs/GRR%20Rapid%20Response%20-%20OSFC%202012.pdf OSDFC 2012 GRR Overview], by [[Darren Bilby]]

== Workshops ==

* [https://drive.google.com/?usp=chrome_app#folders/0B1wsLqFoT7i2eU1jU0JldW9JUU0 OSDFC workshop 2013], by [[Darren Bilby]]

Revision as of 19:20, 12 January 2014
