What’s GRR?
This incident response framework is an open supply device used for dwell forensics. It’s a Consumer/server mannequin device the place the GRR shopper is deployed on the investigating system. The GRR server offers an online interface and API to view collected knowledge. It provides cross-platform assist over Linux, Home windows and OSX and has lots of of forensic artifacts.
As this device isn’t for inexperienced persons, it is advisable to be acquainted with UI servers, fleetspeak, and totally different forensic frameworks. Moreover, you ought to be acquainted with Python server troubleshooting . Set up directions for the server part will be discovered right here. Upon profitable set up of the server it is possible for you to to login to the Admin UI and obtain the right installer for the system you might be investigating.
GRR Consumer Options
A few of the important options for the GRR Consumer part consists of dwell evaluation utilizing YARA library, SleuthKit integrated into the shopper and search capabilities inside Home windows Registry. You possibly can run the shopper on Home windows, Linux and OS X and it may monitor CPU and reminiscence utilization from the server elements.
The shopper provides a safe communication infrastructure constructed for web deployment. This implies you need to use a device like InfectionMonkey to deploy the GRR Consumer over a community connection. The SleuthKit module permits for uncooked filesystem entry as properly. The shopper and server work collectively to carry out quick and easy assortment of artifacts.
GRR Server Options
The server part provides enterprise searching with fleetspeak, highly effective export options and has a full scale back-end that enables giant deployments. It has a AngularJS UI, shopper libraries in Python, Powershell and Go. The RESTful JSON API and plugins make this device a really succesful incident response and forensic investigation device. It has automated scheduling and might work with a big fleet of laptop computer/desktops. Moreover, it may monitor IoT units. The server part solely helps 64-bit Ubuntu 18.04+.
Conclusion
This can be a useful gizmo with many use functions. There’s a fundamental use case Docker picture on the GRR Documentation web page the place you may try it out. This system works with slightly tweaking on Ubuntu on WSL and wow. This device goes 3/5 in my e book. Nice work by Google on this one.
Wish to study extra about moral hacking?
We’ve a networking hacking course that’s of the same degree to OSCP, get an unique low cost right here
Assist assist LHN by shopping for a T-shirt or a mug?
Try our choice right here
Are you aware of one other GitHub associated hacking device?
Get in contact with us by way of the contact type if you need us to take a look at another GitHub moral hacking instruments.
