Difference between pages "Using signature headers to determine if an email has been forged" and "GRR"

From Forensics Wiki

The two pages compared by this diff are reproduced in full below.

= GRR =

Revision as of 14:36, 12 January 2014

{{Infobox_Software |
  name = GRR |
  maintainer = [[Darren Bilby]] and others |
  os = {{Cross-platform}} |
  genre = {{Incident response}} |
  license = {{APL}} |
  website = [https://code.google.com/p/grr/ code.google.com/p/grr/] |
}}

GRR is an Incident Response Framework focused on Remote Live Forensics.

The disk and file system analysis capabilities of GRR are provided by the [[sleuthkit]] and [[pytsk]] projects.

The memory analysis and acquisition capabilities of GRR are provided by the [[rekall]] project.

== See also ==
* [[rekall]]

== External Links ==
* [https://code.google.com/p/grr/ Project site]
* [https://code.google.com/p/grr/wiki/ProjectFAQ Project FAQ]
* [http://grr.googlecode.com/git/docs/index.html Documentation]

== Publications ==
* [http://static.googleusercontent.com/media/research.google.com/en/us/pubs/archive/37237.pdf Distributed forensics and incident response in the enterprise], by [[Michael Cohen]], [[Darren Bilby]], G. Caronni. Digital Investigation, 2011.
* [https://googledrive.com/host/0B9hc84IflFGbN2IwMTUyYTUtMTU0Mi00ZWQ3LWFhNDktM2IyMTg5MmY3OWI0/Hunting%20in%20the%20Enterprise:%20Forensic%20Triage%20and%20Incident%20Response Hunting in the enterprise: Forensic triage and incident response], by [[Andreas Moser]], [[Michael Cohen]], Digital Investigation, 2013.

== Presentations ==
* [https://googledrive.com/host/0B1wsLqFoT7i2N3hveC1lSEpHUnM/Docs/GRR%20Rapid%20Response%20-%20OSFC%202012.pdf OSDFC 2012 GRR Overview], by [[Darren Bilby]]

== Workshops ==
* [https://drive.google.com/?usp=chrome_app#folders/0B1wsLqFoT7i2eU1jU0JldW9JUU0 OSDFC workshop 2013], by [[Darren Bilby]]

= Using signature headers to determine if an email has been forged =

{{Expand}}

== DomainKeys Identified Mail ==
{{main|DomainKeys Identified Mail}}

== Domain Key Signatures ==

These headers are added by the sending domain's mail server and carry a cryptographic signature over the message. The <code>DKIM-Signature</code> header (the older DomainKeys scheme used a <code>DomainKey-Signature</code> header with the same idea) names the signing domain (<code>d=</code>), the key selector (<code>s=</code>), the headers covered by the signature (<code>h=</code>), a hash of the canonicalized body (<code>bh=</code>) and the signature itself (<code>b=</code>). See [[Gmail Header Format]]. The public keys are distributed via [[Domain Name System|DNS]]: the receiving server fetches the TXT record at <code>''selector''._domainkey.''domain''</code> and verifies the signature against it.

When examining a message for forgery, keep in mind what a DKIM signature does and does not prove. A signature that verifies shows that the signing domain handled the message and that the covered headers and the body have not changed since; it does not show that the <code>From:</code> address is genuine unless the signing domain in <code>d=</code> matches the domain in <code>From:</code>. A missing or failing signature is not proof of forgery either: mailing lists and forwarders routinely change subjects, footers and encodings after signing, and many senders do not sign at all. The verification result recorded by the receiving server usually appears in an <code>Authentication-Results</code> header, which is itself an ordinary header that a forger can insert, so trust only the copy added by a server you control.

== Signed mail ==

The sender can also sign a message end-to-end with programs such as [[PGP]] or [[GnuPG]]. Unlike DKIM, these signatures are made with the sender's own key, travel in the message body rather than in headers, and are only meaningful once verified against a key that is known to belong to the claimed sender.

=== PGP Messages ===

Messages sent using PGP, or its free equivalents such as GnuPG, carry the signature in the message body itself. Each message can be signed, encrypted, or both. An encrypted (or encrypted and signed) message begins with the line
<pre>-----BEGIN PGP MESSAGE-----</pre>
followed by optional armor headers: <code>Version:</code> (the program and version that created the message), <code>Comment:</code> and <code>Charset:</code> (the character set of the decoded message), then a blank line. The end of the message is marked with
<pre>-----END PGP MESSAGE-----</pre>
Between these two lines the encrypted or signed data is encoded as Radix-64 (base64) ASCII. The last line before the end marker begins with <code>=</code> and holds a 24-bit CRC of the decoded data; it detects transmission damage but has no security value.

A cleartext-signed message leaves the text readable. It begins with
<pre>-----BEGIN PGP SIGNED MESSAGE-----</pre>
and a <code>Hash:</code> header naming the digest algorithm, then the signed text, then
<pre>-----BEGIN PGP SIGNATURE-----</pre>
at the ''end'' of the signed text, followed by the same optional armor headers as encrypted messages, the Radix-64 signature data and
<pre>-----END PGP SIGNATURE-----</pre>
The signature data usually spans a few lines; the exact length depends on the key type and size.

An armored signature block is evidence only after it has been verified. Anyone can paste a signature block into a message, and a signature made with a freshly generated key bearing the claimed sender's name verifies cleanly; what establishes authorship is verification with a key whose ownership has been confirmed independently. Note also that a cleartext signature covers only the text between the two markers, not the <code>From:</code>, <code>To:</code> or <code>Subject:</code> headers, so those can be altered without invalidating the signature.

== See Also ==
* [[Using message id headers to determine if an email has been forged]]

[[Category:Howtos]]
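The following Python example is added here to illustrate the Domain Key Signatures section of the email-forgery page; it is not code from the Forensics Wiki page. It parses a DKIM-Signature header into its tags, derives the DNS name of the signing key, checks whether the signing domain lines up with the From: domain, and recomputes the body hash (bh=) with the simple and relaxed body canonicalizations of RFC 6376, honouring an l= length tag. The message, the addresses, the selector name sel2014 and the domain example.com are constructed for the example: its bh= is computed by the example itself and its b= is a placeholder, because checking the signature proper needs the public key from DNS and an RSA or Ed25519 implementation (the dkimpy package does that with dkim.verify).

```python
"""Checks an analyst can run on a DKIM-Signature header offline (added example,
not code from the Forensics Wiki page). The sample message is constructed:
bh= is computed by build_sample(); b= is a placeholder, because checking the
signature itself needs the public key from DNS and a crypto library."""
import base64
import hashlib
import re


def parse_dkim_tags(header_value):
    """Split the tag=value list of a DKIM-Signature header; folding whitespace is dropped."""
    tags = {}
    for part in header_value.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip()] = re.sub(r"\s+", "", value)
    return tags


def key_record_name(tags):
    """DNS name of the TXT record holding the public key: <selector>._domainkey.<domain>."""
    return "%s._domainkey.%s" % (tags["s"], tags["d"])


def canonicalize_body(body, mode):
    """Body canonicalization of RFC 6376 sections 3.4.3 (simple) and 3.4.4 (relaxed)."""
    lines = body.split("\r\n")
    if mode == "relaxed":
        # collapse runs of whitespace to one space and drop trailing whitespace per line
        lines = [re.sub(r"[ \t]+", " ", line).rstrip(" \t") for line in lines]
    elif mode != "simple":
        raise ValueError("unknown body canonicalization: " + mode)
    while lines and lines[-1] == "":      # both modes ignore trailing empty lines
        lines.pop()
    if not lines:                         # empty body: one CRLF (simple), nothing (relaxed)
        return b"\r\n" if mode == "simple" else b""
    return ("\r\n".join(lines) + "\r\n").encode("utf-8")


def body_hash(body, mode, algorithm="sha256", length=None):
    """Base64 digest of the canonicalized body; an l= tag limits the hash to the first bytes."""
    data = canonicalize_body(body, mode)
    if length is not None:
        data = data[:length]
    return base64.b64encode(hashlib.new(algorithm, data).digest()).decode("ascii")


def split_message(raw):
    """Header dict (lower-cased names, folded lines kept) and body of a CRLF message."""
    head, _, body = raw.partition("\r\n\r\n")
    headers = {}
    for line in re.split(r"\r\n(?![ \t])", head):    # split only where a new header starts
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()  # later duplicates overwrite earlier
    return headers, body


def signing_domain_aligned(tags, headers):
    """True when d= and the From: domain are equal or one is a subdomain of the other
    (a simplification of DMARC alignment, which works on organizational domains)."""
    m = re.search(r"@([\w.-]+)", headers.get("from", ""))
    if not m:
        return False
    fd, d = m.group(1).lower(), tags["d"].lower()
    return fd == d or fd.endswith("." + d) or d.endswith("." + fd)


def analyze(raw):
    """What the DKIM-Signature header of `raw` lets us check without the public key."""
    headers, body = split_message(raw)
    if "dkim-signature" not in headers:
        return None
    tags = parse_dkim_tags(headers["dkim-signature"])
    canon = tags.get("c", "simple/simple").split("/")   # c=header/body; body defaults to simple
    body_mode = canon[1] if len(canon) == 2 else "simple"
    algorithm = tags.get("a", "rsa-sha256").split("-", 1)[1]   # rsa-sha256 -> sha256
    length = int(tags["l"]) if "l" in tags else None    # l= present: later text is unsigned
    return {
        "key_record": key_record_name(tags),
        "from_aligned": signing_domain_aligned(tags, headers),
        "body_hash_ok": body_hash(body, body_mode, algorithm, length) == tags["bh"],
    }


def build_sample(body, from_addr="alice@example.com", length=None, appended=""):
    """Constructed message: bh= covers `body` (its first `length` bytes when l= is
    simulated); `appended` is text added after signing. b= is a dummy, not a signature."""
    bh = body_hash(body, "relaxed", "sha256", length)
    ltag = " l=%d;" % length if length is not None else ""
    return (
        "From: Alice <%s>\r\n"
        "To: bob@example.org\r\n"
        "Subject: Invoice\r\n"
        "Date: Sun, 12 Jan 2014 14:36:00 +0000\r\n"
        "DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.com;%s\r\n"
        "\ts=sel2014; h=from:to:subject:date; bh=%s;\r\n"
        "\tb=ZHVtbXk=\r\n\r\n" % (from_addr, ltag, bh)
    ) + body + appended


BODY = "Hello,\r\n\r\nPlease  wire the funds today.  \r\n\r\n\r\n"   # constructed body
SAMPLE = build_sample(BODY)
```

Run analyze() over the message as stored on your own server. A body hash that does not match means the body changed after signing (or that the c= canonicalization was misread); a body hash that still matches after text was visibly appended is the signature of an l= tag shorter than the body, a pattern worth flagging on its own. key_record gives the name to query if you do go on to fetch the key.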
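The following Python example is added here to illustrate the PGP Messages section of the email-forgery page; it is not code from the Forensics Wiki page. It locates the armored blocks described there inside a message body and, for each, reports the block type, the armor headers (Hash:, Version:, Comment:, Charset:), the decoded payload and whether the Radix-64 CRC-24 line of RFC 4880 section 6.1 matches the data; for a cleartext-signed message it also recovers the dash-unescaped signed text. A matching CRC only means the block was not mangled in transit; verifying the signature itself needs the signer's key (gpg --verify). The sample message, the names Alice and Bob, and the signature and message bytes are all constructed for the example and are not real OpenPGP packets.

```python
"""Dissect ASCII-armored PGP blocks in a message body (added example, not code from
the Forensics Wiki page). The sample message is constructed; its payload bytes are
dummy data, not real OpenPGP packets."""
import base64
import re

CRC24_INIT, CRC24_POLY = 0xB704CE, 0x1864CFB
BEGIN = re.compile(r"-----BEGIN PGP ([A-Z ]+)-----$")


def crc24(data):
    """CRC-24 of RFC 4880 section 6.1 (bitwise reference form)."""
    crc = CRC24_INIT
    for octet in data:
        crc ^= octet << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= CRC24_POLY
    return crc & 0xFFFFFF


def crc_line(payload):
    """The '=XXXX' checksum line: base64 of the 3-byte big-endian CRC of the decoded data."""
    return "=" + base64.b64encode(crc24(payload).to_bytes(3, "big")).decode("ascii")


def parse_armor(lines):
    """Lines between BEGIN and END: 'Name: value' headers, blank line, base64 data, CRC line."""
    headers, i = {}, 0
    while i < len(lines) and lines[i].strip() and ":" in lines[i]:
        name, _, value = lines[i].partition(":")
        headers[name.strip()] = value.strip()
        i += 1
    data = [l.strip() for l in lines[i:] if l.strip()]
    given = data.pop() if data and data[-1].startswith("=") else None   # CRC line, if any
    payload = base64.b64decode("".join(data))
    return {"headers": headers, "payload": payload,
            "crc_ok": given is not None and given == crc_line(payload)}


def find_pgp_blocks(text):
    """All PGP armor blocks in `text`, in order. A cleartext-signed message yields a
    SIGNED MESSAGE entry (Hash: headers, unescaped text) followed by its SIGNATURE block."""
    lines, blocks, i = text.splitlines(), [], 0
    while i < len(lines):
        m = BEGIN.match(lines[i])
        if not m:
            i += 1
            continue
        kind = m.group(1)
        if kind == "SIGNED MESSAGE":
            j, hashes = i + 1, {}
            while j < len(lines) and lines[j].strip():          # Hash: lines
                name, _, value = lines[j].partition(":")
                hashes[name.strip()] = value.strip()
                j += 1
            start = j = j + 1                                    # skip the blank separator
            while j < len(lines) and lines[j] != "-----BEGIN PGP SIGNATURE-----":
                j += 1
            # a signed line starting with '-' is stored as '- -...'; undo that escaping
            signed = [l[2:] if l.startswith("- ") else l for l in lines[start:j]]
            blocks.append({"type": kind, "headers": hashes, "text": "\n".join(signed)})
            i = j
            continue
        end, j = "-----END PGP %s-----" % kind, i + 1
        while j < len(lines) and lines[j] != end:
            j += 1
        if j == len(lines):                                      # no END marker: cut-off block
            blocks.append({"type": kind, "truncated": True})
            break
        info = parse_armor(lines[i + 1:j])
        info.update(type=kind, truncated=False)
        blocks.append(info)
        i = j + 1
    return blocks


def armor(kind, payload, headers=None):
    """Constructed armor block for the sample (built here, not by a PGP implementation)."""
    b64 = base64.b64encode(payload).decode("ascii")
    out = ["-----BEGIN PGP %s-----" % kind]
    out += ["%s: %s" % item for item in (headers or {}).items()]
    out.append("")
    out += [b64[k:k + 64] for k in range(0, len(b64), 64)]
    out += [crc_line(payload), "-----END PGP %s-----" % kind]
    return "\n".join(out)


DUMMY_SIG = bytes(range(0x89, 0x89 + 70))   # placeholder bytes, NOT a real signature packet
SAMPLE_MESSAGE = "\n".join([
    "Hi Bob,",
    "",
    "-----BEGIN PGP SIGNED MESSAGE-----",
    "Hash: SHA256",
    "",
    "Please wire the funds today.",
    "- -- Alice",                 # '-- Alice' as it appears after cleartext dash-escaping
    armor("SIGNATURE", DUMMY_SIG, {"Version": "GnuPG v2", "Comment": "constructed sample"}),
    "",
    "An encrypted part follows:",
    armor("MESSAGE", b"\x85\x01\x0c\x03", {"Charset": "utf-8"}),   # dummy bytes, not a packet
])
```

The Version: and Comment: headers are worth recording because they are set by the sender's software and often differ between a genuine message and a forged one, but they are plain text and prove nothing by themselves. Once the blocks have been isolated, hand the signed text and signature to gpg --verify with a key you have confirmed belongs to the claimed sender; that verification, not the CRC or the headers, is what establishes authorship.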