Never Ending Security

It starts all here

GRR Rapid Response: remote live forensics for incident response

GRR Rapid Response is an incident response framework focused on remote live forensics.

Links Build Status

Mailing Lists


GRR consists of an agent (client) that can be deployed to a target system, and server infrastructure that can manage and talk to the agent.

Client Features:

  • Cross-platform support for Linux, Mac OS X and Windows clients.
  • Live remote memory analysis using open source memory drivers for Linux, Mac OS X and Windows, and the Rekall memory analysis framework.
  • Powerful search and download capabilities for files and the Windows registry.
  • Secure communication infrastructure designed for Internet deployment.
  • Client automatic update support.
  • Detailed monitoring of client CPU, memory, IO usage and self-imposed limits.

Server Features:

  • Fully fledged response capabilities handling most incident response and forensics tasks.
  • OS-level and raw file system access, using the SleuthKit (TSK).
  • Enterprise hunting (searching across a fleet of machines) support.
  • Fully scalable back-end to handle very large deployments.
  • Automated scheduling for recurring tasks.
  • Fast and simple collection of hundreds of digital forensic artifacts.
  • Asynchronous design allows future task scheduling for clients, designed to work with a large fleet of laptops.
  • Ajax Web UI.
  • Fully scriptable IPython console access.
  • Basic system timelining features.
  • Basic reporting infrastructure.

See quickstart to start using it.

More info about this project can be found at:

Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s