GRR Rapid Response is an incident response framework focused on remote live forensics.

It consists of a python client (agent) that is installed on target systems, and a python server infrastructure that can manage and talk to clients.

The goal of GRR is to support forensics and investigations in a fast, scalable manner to allow analysts to quickly triage attacks and perform analysis remotely.

GRR on GitHub

GRR is open source (Apache License 2.0) and is developed on GitHub: github.com/google/grr

Contacts

• GitHub issues: github.com/google/grr/issues

• GRR Users mailing list: grr-users

• Follow us on twitter for announcements of GRR user meetups. We use a gitter chat room during meetups.

Table of contents

• What is GRR?
• Quickstart
• Installing GRR server
• Deploying GRR clients
• Investigating with GRR
• Maintaining and tuning GRR deployment
• GRR and Fleetspeak setup
• Developing GRR
• Release Notes
• F.A.Q
• Publications

GRR on GitHub — GRR documentation