GRR is an Incident Response Framework focused on Remote Live Forensics.
## State of the Project

GRR is currently in a Beta release, ready for testing by end users. More information can be found in the GRR Rapid Response documentation.

### Update - July 31 2013
We are moving our files to Google Drive since Google Code is deprecating downloads. There is now an updated installation script that downloads from Google Drive - please use this one for new installations (link below).
We have also pushed a new release candidate of version 0.2-8 to the Drive folder. This RC fixes some issues with repacking clients when you specify a custom name in the config file.
Please note that the old installation script still points at the Google Code downloads, which host a now outdated version of the testing server!

```bash
wget https://googledrive.com/host/0B1wsLqFoT7i2c3F0ZmI1RDJlUEU/install_script_ubuntu_12.sh
GRR_TESTING=1 bash install_script_ubuntu_12.sh
```
### Update - August 8 2013

We pushed a new test server to Google Drive. This release has some server bugfixes and also fixes a deadlock issue on the clients when downloading big files.

## Information

GRR consists of an agent that can be deployed to a target system, and a server infrastructure that can manage and talk to the agent. More information can be found in the GRR Developer documentation.

### Client Features
- Cross-platform support for Linux, Mac OS X and Windows clients (agents)
- Open source memory drivers for Linux, Mac OS X and Windows
- Supports searching and downloading
- Volatility integration for memory analysis
- Secure communication infrastructure designed for Internet deployment
- Client automatic update support
### Server Features
- Fully fledged response capabilities handling most incident response and forensics tasks
- OS-level and raw file system access, using the SleuthKit (TSK)
- Ajax Web UI
- Fully scriptable IPython console access
- Enterprise hunting support
- Basic system timelining features
- Basic reporting infrastructure
- Support for asynchronous flows
- Fully scalable back-end to handle very large deployments
- Detailed monitoring of client CPU, memory, IO usage
- Automated scheduling for recurring tasks
See GettingStarted to start using it.