Google (GRR) Rapid Response - Incident Response Framework

GRR consists of an agent (client) that can be deployed to a target system, and server infrastructure that can manage and talk to the agent.

Client Features:
  • Cross-platform support for Linux, Mac OS X and Windows clients.
  • Live remote memory analysis using open source memory drivers for Linux, Mac OS X and Windows, and the Rekall memory analysis framework.
  • Powerful search and download capabilities for files and the Windows registry.
  • Secure communication infrastructure designed for Internet deployment.
  • Client automatic update support.
  • Detailed monitoring of client CPU, memory, IO usage and self-imposed limits.
Server Features:
  • Fully fledged response capabilities handling most incident response and forensics tasks.
  • OS-level and raw file system access, using the SleuthKit (TSK).
  • Enterprise hunting (searching across a fleet of machines) support.
  • Fully scalable back-end to handle very large deployments.
  • Automated scheduling for recurring tasks.
  • Fast and simple collection of hundreds of digital forensic artifacts.
  • Asynchronous design allows future task scheduling for clients, designed to work with a large fleet of laptops.
  • Ajax Web UI.
  • Fully scriptable IPython console access.
  • Basic system timelining features.
  • Basic reporting infrastructure.



  • A linux box. At the moment the full install is thoroughly tested end to end on Ubuntu Server 14.04 64-bit [1]. It works on other things fine [2], but that is what it’s tested on.
  • Recommend > 1GB Ram and a modern CPU if you want to run everything on one box (note that free Amazon EC2 instances don’t have enough RAM).
  • Some clients to talk to the server. OSX, Windows and Linux agents are supported.

Making it Go

Download the installation script e.g. using wget:

Run the installation script:
sudo bash
Read more at:

Google (GRR) Rapid Response - Incident Response Framework Reviewed by Ethical Hacking on 2:00 PM Rating: 5

No comments:

Feel free to ask questions, we love to respond.

All Rights Reserved by The World of IT & Cyber Security: © 2014 - 2015
Powered By Blogger, Designed by Sweetheme

Contact Form


Email *

Message *

Powered by Blogger.