grr

We have hosted the application grr in order to run this application in our online workstations with Wine or directly.

Quick description about grr:

GRR Rapid Response is an incident response framework focused on remote live forensics. It consists of a python client (agent) that is installed on target systems, and python server infrastructure that can manage and talk to clients. The goal of GRR is to support forensics and investigations in a fast, scalable manner to allow analysts to quickly triage attacks and perform analysis remotely. GRR client is deployed on systems that one might want to investigate. On every such system, once deployed, GRR client periodically polls GRR frontend servers for work. �Work� means running a specific action, downloading file, listing a directory, etc. GRR server infrastructure consists of several components (frontends, workers, UI servers, fleetspeak) and provides a web-based graphical user interface and an API endpoint that allows analysts to schedule actions on clients and view and process collected data.

Features:

• GRR was built to run at scale
• Collect and process data from large numbers of machines
• Cross-platform support for Linux, OS X and Windows clients
• Live remote memory analysis using YARA library
• OS-level and raw file system access, using the SleuthKit (TSK)
• Powerful search and download capabilities for files and the Windows registry

Programming Language: Python.
Categories: