Difference between pages "HBGary Responder Professional" and "GRR"

From ForensicsWiki
(Difference between pages)
Line 1: Line 1:
'''HBGary Responder Professional''' is a computer forensics suite distributed by [[HBGary]].
+
{{Infobox_Software |
 +
  name = Rekall |
 +
  maintainer = [[Darren Bilby]] and others |
 +
  os = {{Cross-platform}} |
 +
  genre = {{Incident response}} |
 +
  license = {{APL}} |
 +
  website = [https://code.google.com/p/grr/ code.google.com/p/grr/] |
 +
}}
  
[[File:logo.jpg]]
+
GRR is an Incident Response Framework focused on Remote Live Forensics.
  
 +
The disk and file system analysis capabilities of GRR are provided by the [[sleuthkit]] and [[pytsk]] projects.
  
----
+
The memory analysis and acquisition capabilities of GRR are provided by the [[rekall]] project.
  
Responder™ Professional is a leader in Windows™ physical memory and automated malware analysis. It is an
+
= See also =
application that is known for its ease of use, streamlined workflow, and rapid results. The Professional platform is designed for Incident Responders, Malware Analysts, and Computer Forensic Investigators who demand the very best. Responder Professional provides powerful memory
+
* [[rekall]]
forensics, malware detection, and software behavioral identification with Digital DNA™.
+
  
 +
= External Links =
 +
* [https://code.google.com/p/grr/ Project site]
 +
* [https://code.google.com/p/grr/wiki/ProjectFAQ Project FAQ]
 +
* [http://grr.googlecode.com/git/docs/index.html Documentation]
  
----
+
== Publications ==
 +
* [http://static.googleusercontent.com/media/research.google.com/en/us/pubs/archive/37237.pdf Distributed forensics and incident response in the enterprise], by [[Michael Cohen]], [[Darren Bilby]], G. Caronni. Digital Investigation, 2011.
 +
* [https://googledrive.com/host/0B9hc84IflFGbN2IwMTUyYTUtMTU0Mi00ZWQ3LWFhNDktM2IyMTg5MmY3OWI0/Hunting%20in%20the%20Enterprise:%20Forensic%20Triage%20and%20Incident%20Response Hunting in the enterprise: Forensic triage and incident response], by [[Andreas Moser]], [[Michael Cohen]], Digital Investigation, 2013.
  
 +
== Presentations ==
 +
* [https://googledrive.com/host/0B1wsLqFoT7i2N3hveC1lSEpHUnM/Docs/GRR%20Rapid%20Response%20-%20OSFC%202012.pdf OSDFC 2012 GRR Overview], by [[Darren Bilby]]
  
Memory Preservation: FDPro is included with Responder™ Professional. FDPro is the most complete memory acquisition software in the
+
== Workshops ==
industry. FDPro is the only application that can preserve Windows™ physical memory and Pagefile for information security and computer
+
* [https://drive.google.com/?usp=chrome_app#folders/0B1wsLqFoT7i2eU1jU0JldW9JUU0 OSDFC workshop 2013], by [[Darren Bilby]]
forensic purposes.
+
 
+
 
+
----
+
 
+
Memory Analysis
+
Critical computer artifacts are found only in live memory and Responder makes it easy to uncover and take advantage of this search,
+
identify and report on f critical information with easy to use and an intuitive GUI designed to support investigation workflow.
+
 
+
 
+
----
+
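Review bot: the infobox added on the GRR side sets "name = Rekall", while its "website" field and the body text beneath it both refer to GRR, so the name field does not match the page it sits on; it should read "name = GRR". In the Presentations entry, the link label says "OSDFC 2012" but the URL path says "OSFC 2012", so one of the two abbreviations should be checked against the conference name.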

Revision as of 15:36, 12 January 2014

Rekall
Maintainer: Darren Bilby and others
OS: Cross-platform
Genre: Incident Response
License: APL
Website: code.google.com/p/grr/

GRR is an Incident Response Framework focused on Remote Live Forensics.

The disk and file system analysis capabilities of GRR are provided by the sleuthkit and pytsk projects.

The memory analysis and acquisition capabilities of GRR are provided by the rekall project.

See also

External Links

Publications

Presentations

Workshops