Difference between pages "Tcpdump" and "GRR"

From ForensicsWiki
(Difference between pages)
Jump to: navigation, search
(New page: {{Infobox_Software | name = tcpdump | maintainer = The Tcpdump team | os = {{Linux}} | genre = Network forensics | license = {{BSD license}} | website = [http://www.tcpdump.org...)
 
(Publications)
 
Line 1: Line 1:
 
{{Infobox_Software |
 
{{Infobox_Software |
   name = tcpdump |
+
   name = Rekall |
   maintainer = The Tcpdump team |
+
   maintainer = [[Darren Bilby]] and others |
   os = {{Linux}} |
+
   os = {{Cross-platform}} |
   genre = Network forensics |
+
   genre = {{Incident response}} |
   license = {{BSD license}} |
+
   license = {{APL}} |
   website = [http://www.tcpdump.org/ www.tcpdump.org] |
+
   website = [https://code.google.com/p/grr/ code.google.com/p/grr/] |
 
}}
 
}}
  
'''tcpdump''' is a common packet sniffer for [[Unix]]-like operating systems ([[Linux]], [[BSD]], etc).
+
GRR is an Incident Response Framework focused on Remote Live Forensics.
  
[[Category:Network Forensics]]
+
= See also =
 +
* [[rekall]]
  
== Overview ==
+
= External Links =
 +
* [https://code.google.com/p/grr/ Project site]
 +
* [https://code.google.com/p/grr/wiki/ProjectFAQ Project FAQ]
 +
* [http://grr.googlecode.com/git/docs/index.html Documentation]
  
tcpdump prints out a description of the contents of packets on a network interface that match the boolean expression.
+
== Publications ==
It can also save the packet data to a file for later analysis.
+
* [http://static.googleusercontent.com/media/research.google.com/en/us/pubs/archive/37237.pdf Distributed forensics and incident response in the enterprise], by [[Michael Cohen]], [[Darren Bilby]], G. Caronni. Digital Investigation, 2011.
 +
* [https://googledrive.com/host/0B9hc84IflFGbN2IwMTUyYTUtMTU0Mi00ZWQ3LWFhNDktM2IyMTg5MmY3OWI0/Hunting%20in%20the%20Enterprise:%20Forensic%20Triage%20and%20Incident%20Response Hunting in the enterprise: Forensic triage and incident response], by [[Andreas Moser], [[Michael Cohen]], Digital Investigation, 2013.
  
== External Links  ==
+
== Presentations ==
 +
* [https://googledrive.com/host/0B1wsLqFoT7i2N3hveC1lSEpHUnM/Docs/GRR%20Rapid%20Response%20-%20OSFC%202012.pdf OSDFC 2012 GRR Overview], by [[Darren Bilby]]
  
* [http://www.winpcap.org/windump/ WinDump - tcpdump for Windows]
+
== Workshops ==
 +
* [https://drive.google.com/?usp=chrome_app#folders/0B1wsLqFoT7i2eU1jU0JldW9JUU0 OSDFC workshop 2013] , by [[Darren Bilby]]

Revision as of 14:20, 12 January 2014

Rekall
Maintainer: Darren Bilby and others
OS: Cross-platform
Genre: Incident Response
License: APL
Website: code.google.com/p/grr/

GRR is an Incident Response Framework focused on Remote Live Forensics.

See also

External Links

Publications

Presentations

Workshops