Difference between pages "Ext2" and "GRR"

From ForensicsWiki
(Difference between pages)
(Added ext3 link)
 
 
Line 1: Line 1:
'''ext2''' or the '''second extended file system''' is a [[Linux]] filesystem designed as a replacement for ext. Note that [[ext3]] is mostly compatible with ext2.
+
{{Infobox_Software |
 +
  name = Rekall |
 +
  maintainer = [[Darren Bilby]] and others |
 +
  os = {{Cross-platform}} |
 +
  genre = {{Incident response}} |
 +
  license = {{APL}} |
 +
  website = [https://code.google.com/p/grr/ code.google.com/p/grr/] |
 +
}}
  
The [[SleuthKit]] and [[R-Studio]] can be used to perform recovery of data from the EXT2 filesystem. Various data carving tools like [[Foremost]] and [[Scalpel]] also support the ext2 filesystem.
+
GRR is an Incident Response Framework focused on Remote Live Forensics.
  
== See Also ==
+
The disk and file system analysis capabilities of GRR are provided by the [[sleuthkit]] and [[pytsk]] projects.
* [[ext3]]
+
  
== External Links ==
+
The memory analysis and acquisition capabilities of GRR are provided by the [[rekall]] project.
  
* [http://en.wikipedia.org/wiki/Ext2 Wikipedia article on EXT2]
+
= See also =
* [http://www.nongnu.org./ext2-doc/ext2.html Layout of the EXT2 Filesystem]
+
* [[rekall]]
* [http://fedora.linuxsir.org/doc/ext2undelete/Ext2fs-Undeletion.html Linux Ext2fs Undeletion mini-HOWTO]
+
* [http://unixsadm.blogspot.com/2007/11/ext2-filesystem-for-linux-and-solaris.html Using ext2 on other systems]
+
  
[[Category:Disk file systems]]
+
= External Links =
 +
* [https://code.google.com/p/grr/ Project site]
 +
* [https://code.google.com/p/grr/wiki/ProjectFAQ Project FAQ]
 +
* [http://grr.googlecode.com/git/docs/index.html Documentation]
 +
 
 +
== Publications ==
 +
* [http://static.googleusercontent.com/media/research.google.com/en/us/pubs/archive/37237.pdf Distributed forensics and incident response in the enterprise], by [[Michael Cohen]], [[Darren Bilby]], G. Caronni. Digital Investigation, 2011.
 +
* [https://googledrive.com/host/0B9hc84IflFGbN2IwMTUyYTUtMTU0Mi00ZWQ3LWFhNDktM2IyMTg5MmY3OWI0/Hunting%20in%20the%20Enterprise:%20Forensic%20Triage%20and%20Incident%20Response Hunting in the enterprise: Forensic triage and incident response], by [[Andreas Moser]], [[Michael Cohen]], Digital Investigation, 2013.
 +
 
 +
== Presentations ==
 +
* [https://googledrive.com/host/0B1wsLqFoT7i2N3hveC1lSEpHUnM/Docs/GRR%20Rapid%20Response%20-%20OSFC%202012.pdf OSDFC 2012 GRR Overview], by [[Darren Bilby]]
 +
 
 +
== Workshops ==
 +
* [https://drive.google.com/?usp=chrome_app#folders/0B1wsLqFoT7i2eU1jU0JldW9JUU0 OSDFC workshop 2013], by [[Darren Bilby]]
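
Review bot: the infobox sets `name = Rekall`, but the website field (code.google.com/p/grr/) and the opening sentence of the added text both describe GRR, so the name looks carried over from the Rekall page and should read `name = GRR`. The added headings `= See also =` and `= External Links =` use a single equals sign while `== Publications ==`, `== Presentations ==` and `== Workshops ==` use two, which nests those three sections under External Links; confirm that nesting is intended or use one heading level throughout. The presentation link text says "OSDFC 2012" while the linked file name says "OSFC 2012", so one of the two spellings should be checked.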

Revision as of 15:36, 12 January 2014

Rekall
Maintainer: Darren Bilby and others
OS: Cross-platform
Genre: Incident Response
License: APL
Website: code.google.com/p/grr/

GRR is an Incident Response Framework focused on Remote Live Forensics.

The disk and file system analysis capabilities of GRR are provided by the sleuthkit and pytsk projects.

The memory analysis and acquisition capabilities of GRR are provided by the rekall project.

See also

External Links

Publications

Presentations

Workshops