GRR Rapid Response is an incident response framework focused on remote live forensics.
GRR is a python agent (client) that is installed on target systems, and python server infrastructure that can manage and talk to the agent.
Client Features:
- Cross-platform support for Linux, OS X and Windows clients.
- Live remote memory analysis using open source memory drivers for Linux, OS X and Windows via the Rekall memory analysis framework.
- Powerful search and download capabilities for files and the Windows registry.
- Secure communication infrastructure designed for Internet deployment.
- Client automatic update support.
- Detailed monitoring of client CPU, memory, IO usage and self-imposed limits.
Server Features:
- Fully fledged response capabilities handling most incident response and forensics tasks.
- OS-level and raw file system access, using the SleuthKit (TSK).
- Enterprise hunting (searching across a fleet of machines) support.
- Fully scalable back-end to handle very large deployments.
- Automated scheduling for recurring tasks.
- Fast and simple collection of hundreds of digital forensic artifacts.
- Asynchronous design allows future task scheduling for clients, designed to work with a large fleet of laptops.
- AngularJS Web UI and RESTful JSON API.
- Fully scriptable IPython console access.
- Basic system timelining features.
- Basic reporting infrastructure.
See quickstart to start using it.
[su_button url=”https://github.com/google/grr” target=”blank” style=”flat” background=”#222348″ size=”7″ radius=”0″]Download GRR[/su_button]
