GRR Rapid Response is an incident response framework focused on remote live forensics.
- Quickstart: Fast automated installation
- Downloads (installation files, client templates)
- User Manual
- Blog
- Administration Documentation (Setup and Configuration)
- Publications: Papers, Presentations, Workshops etc.
- Project FAQ
- Developer and Implementation Documentation
- The GRR Configuration system
- Release Notes: check these when upgrading
- Project Roadmap
- Search Documentation (using github search)
- License Information
- Troubleshooting
GRR consists of an agent (client) that can be deployed to a target system, and
server infrastructure that can manage and talk to the agent.
Client Features:
- Cross-platform support for Linux, Mac OS X and Windows clients.
- Live remote memory analysis using open source memory drivers for Linux, Mac OS X and Windows, and the Rekall memory analysis framework.
- Powerful search and download capabilities for files and the Windows registry.
- Secure communication infrastructure designed for Internet deployment.
- Client automatic update support.
- Detailed monitoring of client CPU, memory, IO usage and self-imposed limits.
Server Features:
- Fully fledged response capabilities handling most incident response and forensics tasks.
- OS-level and raw file system access, using the SleuthKit (TSK).
- Enterprise hunting (searching across a fleet of machines) support.
- Fully scalable back-end to handle very large deployments.
- Automated scheduling for recurring tasks.
- Fast and simple collection of hundreds of digital forensic artifacts.
- Asynchronous design allows future task scheduling for clients, designed to work with a large fleet of laptops.
- Ajax Web UI.
- Fully scriptable IPython console access.
- Basic system timelining features.
- Basic reporting infrastructure.
See quickstart to start using it.
[
