GRR Rapid Response is an incident response framework focused on remote live forensics.
- Quickstart: Fast automated installation
- User Manual
- Administration Documentation (Setup and Configuration)
- Publications: Papers, Presentations, Workshops etc.
- Project FAQ
- Developer and Implementation Documentation
- The GRR Configuration system
- Release Notes: check these when upgrading
- Project Roadmap
- Search Documentation (using github search)
- License Information
GRR is a python agent (client) that is installed on target systems, and
python server infrastructure that can manage and talk to the agent.
- Cross-platform support for Linux, OS X and Windows clients.
- Live remote memory analysis using open source memory drivers for Linux, OS X and Windows via the Rekall memory analysis framework.
- Powerful search and download capabilities for files and the Windows registry.
- Secure communication infrastructure designed for Internet deployment.
- Client automatic update support.
- Detailed monitoring of client CPU, memory, IO usage and self-imposed limits.
- Fully fledged response capabilities handling most incident response and forensics tasks.
- OS-level and raw file system access, using the SleuthKit (TSK).
- Enterprise hunting (searching across a fleet of machines) support.
- Fully scalable back-end to handle very large deployments.
- Automated scheduling for recurring tasks.
- Fast and simple collection of hundreds of digital forensic artifacts.
- Asynchronous design allows future task scheduling for clients, designed to work with a large fleet of laptops.
- AngularJS Web UI and RESTful JSON API.
- Fully scriptable IPython console access.
- Basic system timelining features.
- Basic reporting infrastructure.
See quickstart to start using it.