GRR is an Incident Response Framework focused on Remote Live Forensics.
The disk and file system analysis capabilities of GRR are provided by The Sleuth Kit and pytsk projects.
The memory analysis and acquisition capabilities of GRR are provided by the Yara project.
- Distributed forensics and incident response in the enterprise, by Michael Cohen, Darren Bilby, G. Caronni. Digital Investigation, 2011.
- Hunting in the enterprise: Forensic triage and incident response, by Andreas Moser, Michael Cohen. Digital Investigation, 2013.
- GRR Artifacts, by Greg Castle, Blackhat 2014
- OSDFC 2012 GRR Overview, by Darren Bilby
- OSDFC workshop 2013, by Darren Bilby