
OpenSUSE Asia Summit 2016


Remote Data Acquisition Method: Live Forensics Using Google Rapid Response

GRR stands for Google Rapid Response, a multi-platform framework for remote live forensics built and deployed by Google's Incident Response Team. It gained popularity by 20% until it was fully supported by the open source community. The main motivation for establishing GRR Rapid Response is to improve the readiness of analysis and investigation: lowering the cost of an investigation while improving the quality of the digital evidence obtained. Its main features are collecting information from the agent system, which is then analyzed remotely, and detailed monitoring of the client (agent) CPU, memory, I/O usage and more.

GRR was always designed to be open source, but with any sufficiently complex "enterprise" product you expect to integrate it with other systems and potentially even with proprietary technology. So it is true that some of the core developers' time is spent working on internal features that won't be released publicly. The goal is to ensure that everything useful is released. Below are listed some of the key differences between the internal and the public version that may matter to you:

- Datastore/Storage
- Security and privacy
- Machine handling and monitoring

Resources: https://github.com/google/grr



Arif Wahyudi
indoforensics.wordpress.com