Difference between pages "Cellebrite UFED" and "GRR"

From ForensicsWiki
Line 1: Line 1:
 
{{Infobox_Software |
 
{{Infobox_Software |
   name = Cellebrite UFED |
+
   name = Rekall |
   maintainer = [[Cellebrite]] |
+
   maintainer = [[Darren Bilby]] and others |
   os = n/a |
+
   os = {{Cross-platform}} |
   genre = [[Category:Cell Phone Tools|Cell Phone]] |
+
   genre = {{Incident response}} |
   license = {{Commercial}} |
+
   license = {{APL}} |
   website = [http://www.cellebrite.com/UFED-Standard-Kit.html http://www.cellebrite.com/] |
+
   website = [https://code.google.com/p/grr/ code.google.com/p/grr/] |
 
}}
 
}}
  
The '''Cellebrite 'Universal Forensic Extraction Device' (UFED)''' is a tool for mobile phone, smartphone, and PDA forensics. As of September 2010 the UFED was compatible with over 2,500 mobile phones (including GSM, TDMS, CDMA, iDEN). The standard package containing several dozen phone cables. The UFED had an intergrated SIM reader, with Wireless connection options also being integrated, such as IR and Bluetooth.
+
GRR is an Incident Response Framework focused on Remote Live Forensics.
  
The UFED also supports native Apple iPOD Touch, and Apple iPHONE extraction on both 2G and 3G versions, as well as iOS4. This is clientless, and via a physical cable, and works on jailbroken and non-jailbroken devices.  
+
The disk and file system analysis capabilities of GRR are provided by the [[sleuthkit]] and [[pytsk]] projects.
  
Subject data can be retrieved via logical extraction or via physical extraction (ie: hex dump). Moreover, all cable connectors from subject (source) side act as a write-blocker, being read only via the onboard hardware chipset. Extracted data includes basic handset data, the phonebook, SMS and MMS messages, SIM data, multimedia (e.g. images and videos stored on the phone), and time and date stamps.
+
The memory analysis and acquisition capabilities of GRR are provided by the [[rekall]] project.
  
== External Links ==
+
= See also =
* [http://www.cellebrite.com/UFED-Standard-Kit.html Official web site]
+
* [[rekall]]
 +
 
 +
= External Links =
 +
* [https://code.google.com/p/grr/ Project site]
 +
* [https://code.google.com/p/grr/wiki/ProjectFAQ Project FAQ]
 +
* [http://grr.googlecode.com/git/docs/index.html Documentation]
 +
 
 +
== Publications ==
 +
* [http://static.googleusercontent.com/media/research.google.com/en/us/pubs/archive/37237.pdf Distributed forensics and incident response in the enterprise], by [[Michael Cohen]], [[Darren Bilby]], G. Caronni. Digital Investigation, 2011.
 +
* [https://googledrive.com/host/0B9hc84IflFGbN2IwMTUyYTUtMTU0Mi00ZWQ3LWFhNDktM2IyMTg5MmY3OWI0/Hunting%20in%20the%20Enterprise:%20Forensic%20Triage%20and%20Incident%20Response Hunting in the enterprise: Forensic triage and incident response], by [[Andreas Moser]], [[Michael Cohen]], Digital Investigation, 2013.
 +
 
 +
== Presentations ==
 +
* [https://googledrive.com/host/0B1wsLqFoT7i2N3hveC1lSEpHUnM/Docs/GRR%20Rapid%20Response%20-%20OSFC%202012.pdf OSDFC 2012 GRR Overview], by [[Darren Bilby]]
 +
 
 +
== Workshops ==
 +
* [https://drive.google.com/?usp=chrome_app#folders/0B1wsLqFoT7i2eU1jU0JldW9JUU0 OSDFC workshop 2013], by [[Darren Bilby]]
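Review bot: the infobox on the GRR side still reads `name = Rekall` although the page describes GRR; the name should be GRR, since Rekall is a separate project that this same page credits for memory analysis and lists under See also. A second, smaller point in the same hunk: the heading levels are inconsistent, with `= See also =` and `= External Links =` written as single-equals top-level headings while Publications, Presentations and Workshops use `==`; change the first two to `== See also ==` and `== External Links ==` so the table of contents nests correctly.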

Revision as of 15:36, 12 January 2014

Rekall
Maintainer: Darren Bilby and others
OS: Cross-platform
Genre: Incident Response
License: APL
Website: code.google.com/p/grr/

GRR is an Incident Response Framework focused on Remote Live Forensics.

The disk and file system analysis capabilities of GRR are provided by the sleuthkit and pytsk projects.

The memory analysis and acquisition capabilities of GRR are provided by the rekall project.
