Remote Live Forensics Using Google GRR Rapid Response

Introduction

The premise of this project is to perform live forensics on remote clients using GRR Rapid Response then forward that information to Splunk. The final report will be linked in the References section.

Tools Used

The tools used here are the following:

Approach to Problem

Hosted both a list of clients that were to be scanned by GRR and the host machine that will be doing the scanning.
Ran a network scan on a selected client on GRR.
Downloaded results as a .csv file format and forwarded to Splunk using email.
Used Splunk search by host and source to locate file.

Learning Outcomes

Learned how to scan multiple clients using GRR and what kind of scan to initiate.
Learned how to determine/select the type of output for the data to be analyzed within GRR.

References

Written report linked here

Name		Name	Last commit message	Last commit date
Latest commit History 7 Commits
LICENSE		LICENSE
README.md		README.md
Report.pdf		Report.pdf

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

LICENSE

LICENSE

README.md

README.md

Report.pdf

Report.pdf

Repository files navigation

Remote Live Forensics Using Google GRR Rapid Response

Table of Contents

Introduction

Tools Used

Approach to Problem

Learning Outcomes

References

About

Releases

Packages

License

JacYuan1/Remote-Live-Forensics-Using-Google-GRR-Rapid-Response-Project

Folders and files

Latest commit

History

Repository files navigation

Remote Live Forensics Using Google GRR Rapid Response

Table of Contents

Introduction

Tools Used

Approach to Problem

Learning Outcomes

References

About

Topics

Resources

License

Stars

Watchers

Forks