2024-06-27 - GRR release v.3.4.7.5

Live forensics,
at scale.

We’re an open-source endpoint agent & digital forensics platform.

Workflow diagram
Scroll down prompt
01

Live forensics

Search, list, and collect files

Search for files based on criteria like path, regex and content matching. List directories or the whole hard disk timeline. Collect the contents of regular files and special OS primitives like devices and alternate data streams. Parse NTFS file systems to read locked files on Windows.

List processes, network connections, and named pipes

Get insights into what's happening on an endpoint. Search for and list processes, enumerate open network connections and list special OS primitives like named pipes.

Collect forensic artifacts, run osquery

Use predefined recipes for forensic data collection (ForensicArtifacts), create your own to quickly and reproducibly gather forensic evidence, and send queries to osquery.

Live process memory analysis

Scan the memory of running processes for indicators of compromise with yara and dump the memory pages for further forensic analysis.

Go to next image
Go to previous image
02

At Scale

Check & collect data on thousands of endpoints

Schedule Hunts on your whole fleet and offline endpoints will pick up the hunt when you’re back online.

Low latency communication

Send commands to endpoints and receive data collection results in seconds through Fleetspeak.

Periodic fleet checks

Configure cron jobs to repeat hunts periodically, turning one-off investigations into regular checks.

For security teams of any size

Enable advanced features like multi-party authorization with approvals and pluggable authentication when your security team grows.

03

Anywhere

Deploy agents to all major operating systems

Run agents on Debian, Ubuntu and CentOS-based Linux distributions, macOS and Windows.

Pre-packaged, single-file installers for all operating systems

Download the pre-packaged installer from the GRR web application after setting up your installation.

Secure communication between client and server

Agents have the GRR server's address and certificate baked in for secure communication. All communication is encrypted.

Latest updates

alt

Latest release!

Download the latest server and clients from our github page.

alt

GRR on the OSDFIR blog

How to use Google Cloud Storage (GCS) Buckets for GRR blobstore and Cloud Pub/Sub Service to communicate with Fleetspeak.

alt

New release 3.4.7.4

Download the 3.4.7.4 server and clients from our github page.

alt

Life of a GRR message

GRR on the OSDFIR blog: Understand how GRR messages are delivered via Fleetspeak.

alt

Running GRR everywhrr

GRR on the OSDFIR blog: Operate GRR and Fleetspeak in a microservice based architecture ft. communication layer challenges.

alt

GRR On The Command Line With GRRShell

GRR on the OSDFIR blog: New GRRShell project uses GRR API to provide a easy-to-navigate command line tool.

alt

New release 3.4.7.1

Download the 3.4.7.1 server and clients from our github page.

alt

Deploying GRR to Kubernetes for Incident Response

GRR on the OSDFIR blog: Kubernetes (k8s) is being used to run more and more infrastructure in the cloud.

alt

How Spotify uses GRR

Incident responders want to have as much information as possible to ease the investigation and triage process.