theGreenJedi / grr

GRR Rapid Response: remote live forensics for incident response


GRR Rapid Response is an incident response framework focused on remote live forensics.


GRR consists of a Python agent (client) that is installed on target systems and Python server infrastructure that manages and communicates with the agent.

Client Features:

  • Cross-platform support for Linux, OS X and Windows clients.
  • Live remote memory analysis using open source memory drivers for Linux, OS X and Windows via the Rekall memory analysis framework.
  • Powerful search and download capabilities for files and the Windows registry.
  • Secure communication infrastructure designed for Internet deployment.
  • Client automatic update support.
  • Detailed monitoring of client CPU, memory and I/O usage, with self-imposed resource limits.

Server Features:

  • Fully fledged response capabilities handling most incident response and forensics tasks.
  • OS-level and raw file system access, using the SleuthKit (TSK).
  • Enterprise hunting (searching across a fleet of machines) support.
  • Fully scalable back-end to handle very large deployments.
  • Automated scheduling for recurring tasks.
  • Fast and simple collection of hundreds of digital forensic artifacts.
  • Asynchronous design allows future task scheduling for clients, designed to work with a large fleet of laptops.
  • AngularJS Web UI and RESTful JSON API.
  • Fully scriptable IPython console access.
  • Basic system timelining features.
  • Basic reporting infrastructure.

See quickstart to start using it.

Contact Us

Mailing lists:

Follow us on Twitter for announcements of GRR user meetups. We use a Gitter chat room during meetups.

Screenshots

  • [Screenshot 1](https://github.com/google/grr/blob/gh-pages/screenshots/Screenshot from 2013-11-18 18-36-13.png)
  • [Screenshot 2](https://github.com/google/grr/blob/gh-pages/screenshots/Screenshot from 2013-11-18 18-36-46.png)
  • [Screenshot 3](https://github.com/google/grr/blob/gh-pages/screenshots/Screenshot from 2013-11-18 18-37-37.png)
  • [Screenshot 4](https://github.com/google/grr/blob/gh-pages/screenshots/Screenshot from 2013-11-18 18-40-49.png)
  • [Screenshot 5](https://github.com/google/grr/blob/gh-pages/screenshots/Screenshot from 2013-11-18 18-41-45.png)

About

License: Apache License 2.0