Difference between pages "GRR" and "Computer forensics"

From ForensicsWiki
(Difference between pages)
Line 1: Line 1:
{{Infobox_Software |
+
Computer forensics is the practice of identifying, extracting and considering evidence from digital media such as computer hard drives. [[Digital evidence]] is both fragile and volatile and requires the attention of a certified specialist to ensure that materials of evidentiary value can be effectively isolated and extracted in a scientific manner that will bear the scrutiny of a court of law.
  name = GRR |
+
Computer forensics is not to be confused with the more generic term of 'forensic computing', which refers to the analysis and study of all types of digital media and materials - whether they be of a computing or telecommunication nature. Computer forensics, in a strict sense, applies specifically to the evaluation of computers and data storage or data processing devices.
  maintainer = [[Darren Bilby]] and others |
+
  os = {{Cross-platform}} |
+
  genre = {{Incident response}} |
+
  license = {{APL}} |
+
  website = [https://code.google.com/p/grr/ code.google.com/p/grr/] |
+
}}
+
  
GRR is an Incident Response Framework focused on Remote Live Forensics.
+
== See Also ==
 +
* [[File Analysis]]
 +
* [[Malware analysis]]
 +
* [[Memory analysis]]
  
The disk and file system analysis capabilities of GRR are provided by the [[sleuthkit]] and [[pytsk]] projects.
+
== External Links ==
 
+
* [http://en.wikipedia.org/wiki/Computer_forensics Wikipedia: Computer forensics]
The memory analysis and acquisition capabilities of GRR are provided by the [[rekall]] project.
+
* [http://www.wikicrimeline.co.uk/index.php?title=Digital_evidence WikiCrimeLine Digital evidence]
 
+
* [http://www.wikicrimeline.co.uk/index.php?title=Computer_forensics WikiCrimeLine Computer forensics]
= See also =
+
* [[pytsk]]
+
* [[rekall]]
+
* [[sleuthkit]]
+
 
+
= External Links =
+
* [https://code.google.com/p/grr/ Project site]
+
* [https://code.google.com/p/grr/wiki/ProjectFAQ Project FAQ]
+
* [http://grr.googlecode.com/git/docs/index.html Documentation]
+
 
+
== Publications ==
+
* [http://static.googleusercontent.com/media/research.google.com/en/us/pubs/archive/37237.pdf Distributed forensics and incident response in the enterprise], by [[Michael Cohen]], [[Darren Bilby]], G. Caronni. Digital Investigation, 2011.
+
* [https://googledrive.com/host/0B9hc84IflFGbN2IwMTUyYTUtMTU0Mi00ZWQ3LWFhNDktM2IyMTg5MmY3OWI0/Hunting%20in%20the%20Enterprise:%20Forensic%20Triage%20and%20Incident%20Response Hunting in the enterprise: Forensic triage and incident response], by [[Andreas Moser]], [[Michael Cohen]], Digital Investigation, 2013.
+
 
+
== Presentations ==
+
* [https://googledrive.com/host/0B1wsLqFoT7i2N3hveC1lSEpHUnM/Docs/GRR%20Rapid%20Response%20-%20OSFC%202012.pdf OSDFC 2012 GRR Overview], by [[Darren Bilby]]
+
 
+
== Workshops ==
+
* [https://drive.google.com/?usp=chrome_app#folders/0B1wsLqFoT7i2eU1jU0JldW9JUU0 OSDFC workshop 2013], by [[Darren Bilby]]
+

Revision as of 03:34, 25 June 2014

Computer forensics is the practice of identifying, extracting and considering evidence from digital media such as computer hard drives. Digital evidence is both fragile and volatile and requires the attention of a certified specialist to ensure that materials of evidentiary value can be effectively isolated and extracted in a scientific manner that will bear the scrutiny of a court of law. Computer forensics is not to be confused with the more generic term of 'forensic computing', which refers to the analysis and study of all types of digital media and materials - whether they be of a computing or telecommunication nature. Computer forensics, in a strict sense, applies specifically to the evaluation of computers and data storage or data processing devices.

See Also

External Links