Distributed forensics and incident response in the enterprise
Venue
Journal of Digital Investigation, vol. 8 (2011), S101-S110
Publication Year
2011
Authors
Michael Cohen, Darren Bilby, Germano Caronni
Abstract
Remote live forensics has recently been increasingly used in order to facilitate
rapid remote access to enterprise machines. We present the GRR Rapid Response
Framework (GRR), a new multi-platform, open source tool for enterprise forensic
investigations enabling remote raw disk and memory access. GRR is designed to be
scalable, opening the door for continuous enterprise-wide forensic analysis. This
paper describes the architecture used by GRR and illustrates how it is used
routinely to expedite enterprise forensic investigations.
