GRR Rapid Response: remote live forensics for incident response
Latest commit 61614fd Sep 28, 2016 mbushkov: Various fixes and improvements.
* Moved to requests library in the client.
* Bumped client version.
* Multiple minor client fixes.
* Ongoing work on reports GUI reimplementation.
accelerated Fix failing test. Jul 21, 2016
artifacts Change directory structure. Apr 5, 2016
binaries Update server to 0.3.0-7 and client 3.0.0.7 Jul 21, 2015
debian Fix docker server deb build. Sep 20, 2016
docker Fix docker server deb build. Sep 20, 2016
docs Apply an automated python formatter. May 30, 2016
executables Fix failing test. Jul 21, 2016
grr Various fixes and improvements. Sep 28, 2016
install_data Various fixes and improvements. Sep 28, 2016
keys/test Update to alpha release. Oct 4, 2012
scripts Test repack and install in CI Jul 26, 2016
travis Use class names for action mocks. Sep 2, 2016
vagrant Use class names for action mocks. Sep 2, 2016
.dockerignore Remove built UI css and js files. Jul 13, 2016
.gitignore Modify install scripts for more flexibility Feb 17, 2016
.travis.yml Fixes for proto3 on travis and docker. Sep 2, 2016
ACKNOWLEDGEMENTS Fix setup.py paths. May 20, 2016
AUTHORS Adding two new team members to the project and also adding two Nov 18, 2014
Dockerfile Fixes for proto3 on travis and docker. Sep 2, 2016
LICENSE Initial commit. Aug 21, 2011
MANIFEST.in Bump version. Aug 10, 2016
README - Updating the project information (website, authors files) Oct 22, 2014
README.md Add appveyor build badge Jun 6, 2016
appveyor.yml Test repack and install in CI Jul 26, 2016
makefile.py Move to protobuf 3.0.0 Sep 1, 2016
setup.py Various fixes and improvements. Sep 28, 2016
version.ini Various fixes and improvements. Sep 28, 2016

README.md

GRR Rapid Response is an incident response framework focused on remote live forensics.

GRR consists of a Python agent (client) that is installed on target systems, and Python server infrastructure that can manage and talk to the agent.

Client Features:

  • Cross-platform support for Linux, OS X and Windows clients.
  • Live remote memory analysis using open source memory drivers for Linux, OS X and Windows via the Rekall memory analysis framework.
  • Powerful search and download capabilities for files and the Windows registry.
  • Secure communication infrastructure designed for Internet deployment.
  • Client automatic update support.
  • Detailed monitoring of client CPU, memory, IO usage and self-imposed limits.

Server Features:

  • Fully fledged response capabilities handling most incident response and forensics tasks.
  • OS-level and raw file system access, using the SleuthKit (TSK).
  • Enterprise hunting (searching across a fleet of machines) support.
  • Fully scalable back-end to handle very large deployments.
  • Automated scheduling for recurring tasks.
  • Fast and simple collection of hundreds of digital forensic artifacts.
  • Asynchronous design allows future task scheduling for clients, designed to work with a large fleet of laptops.
  • AngularJS Web UI and RESTful JSON API.
  • Fully scriptable IPython console access.
  • Basic system timelining features.
  • Basic reporting infrastructure.

See quickstart to start using it.

Contact Us

Mailing lists:

Follow us on Twitter for announcements of GRR user meetups. We use a Gitter chat room during meetups.
