
Difference between pages "Tcpdump" and "GRR"

From ForensicsWiki
(Difference between pages)
(New page: {{Infobox_Software | name = tcpdump | maintainer = The Tcpdump team | os = {{Linux}} | genre = Network forensics | license = {{BSD license}} | website = [http://www.tcpdump.org...)
 
(Publications)
 
Line 1: Line 1:
 
{{Infobox_Software |
 
{{Infobox_Software |
   name = tcpdump |
+
   name = Rekall |
   maintainer = The Tcpdump team |
+
   maintainer = [[Darren Bilby]] and others |
   os = {{Linux}} |
+
   os = {{Cross-platform}} |
   genre = Network forensics |
+
   genre = {{Incident response}} |
   license = {{BSD license}} |
+
   license = {{APL}} |
   website = [http://www.tcpdump.org/ www.tcpdump.org] |
+
   website = [https://code.google.com/p/grr/ code.google.com/p/grr/] |
 
}}
 
}}
  
'''tcpdump''' is a common packet sniffer for [[Unix]]-like operating systems ([[Linux]], [[BSD]], etc).
+
GRR is an Incident Response Framework focused on Remote Live Forensics.
  
[[Category:Network Forensics]]
+
= See also =
 +
* [[rekall]]
  
== Overview ==
+
= External Links =
 +
* [https://code.google.com/p/grr/ Project site]
 +
* [https://code.google.com/p/grr/wiki/ProjectFAQ Project FAQ]
 +
* [http://grr.googlecode.com/git/docs/index.html Documentation]
  
tcpdump prints out a description of the contents of packets on a network interface that match the boolean expression.
+
== Publications ==
It can also save the packet data to a file for later analysis.
+
* [http://static.googleusercontent.com/media/research.google.com/en/us/pubs/archive/37237.pdf Distributed forensics and incident response in the enterprise], by [[Michael Cohen]], [[Darren Bilby]], G. Caronni. Digital Investigation, 2011.
 +
* [https://googledrive.com/host/0B9hc84IflFGbN2IwMTUyYTUtMTU0Mi00ZWQ3LWFhNDktM2IyMTg5MmY3OWI0/Hunting%20in%20the%20Enterprise:%20Forensic%20Triage%20and%20Incident%20Response Hunting in the enterprise: Forensic triage and incident response], by [[Andreas Moser], [[Michael Cohen]], Digital Investigation, 2013.
  
== External Links  ==
+
== Presentations ==
 +
* [https://googledrive.com/host/0B1wsLqFoT7i2N3hveC1lSEpHUnM/Docs/GRR%20Rapid%20Response%20-%20OSFC%202012.pdf OSDFC 2012 GRR Overview], by [[Darren Bilby]]
  
* [http://www.winpcap.org/windump/ WinDump - tcpdump for Windows]
+
== Workshops ==
 +
* [https://drive.google.com/?usp=chrome_app#folders/0B1wsLqFoT7i2eU1jU0JldW9JUU0 OSDFC workshop 2013] , by [[Darren Bilby]]
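Review bot: the GRR infobox sets `name = Rekall |` while the page text, the `website` field and the section links all describe GRR; the infobox name should match the page subject. In the second Publications entry the author link opens with `[[Andreas Moser]` but closes with a single bracket, so it will not render as a wiki link; it should read `[[Andreas Moser]]`. The Workshops entry also carries a stray space before the comma after the link (`OSDFC workshop 2013] , by`).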

Revision as of 19:20, 12 January 2014

Rekall
Maintainer: Darren Bilby and others
OS: Cross-platform
Genre: Incident Response
License: APL
Website: code.google.com/p/grr/

GRR is an Incident Response Framework focused on Remote Live Forensics.

See also

External Links

Publications

Presentations

Workshops