GRR is an Incident Response Framework focused on Remote Live Forensics.
The disk and file system analysis capabilities of GRR are provided by The Sleuth Kit and pytsk projects.
The memory analysis and acquisition capabilities of GRR are provided by the Yara project.
See also
External Links
Publications
- Distributed forensics and incident response in the enterprise, by Michael Cohen, Darren Bilby, G. Caronni. Digital Investigation, 2011.
- Hunting in the enterprise: Forensic triage and incident response, by Andreas Moser, Michael Cohen. Digital Investigation, 2013.
- GRR Artifacts, by Greg Castle, Blackhat 2014
Presentations
- OSDFC 2012 GRR Overview, by Darren Bilby
Workshops
- OSDFC workshop 2013, by Darren Bilby