exploit the possibilities
Showing 1 - 25 of 159 RSS Feed

Forensics Files

GRR 3.4.5.1
Posted Aug 23, 2021
Authored by Andreas Moser, Mikhail Bushkov, Ben Galehouse, Milosz Lakomy | Site github.com

GRR Rapid Response is an incident response framework focused on remote live forensics. The goal of GRR is to support forensics and investigations in a fast, scalable manner to allow analysts to quickly triage attacks and perform analysis remotely. GRR consists of 2 parts: client and server. GRR client is deployed on systems that one might want to investigate. On every such system, once deployed, GRR client periodically polls GRR frontend servers for work. "Work" means running a specific action: downloading file, listing a directory, etc. GRR server infrastructure consists of several components (frontends, workers, UI servers) and provides web-based graphical user interface and an API endpoint that allows analysts to schedule actions on clients and view and process collected data.

Changes: Mid-quarter release for Q3 2021. TSK, libfsntfs and YARA libraries are now run in a separate, unprivileged process for sandboxing in the GRR client. Fleetspeak, the next generation communication framework, is now enabled by default. Added a new MSI installer for Windows clients. New flow for named pipe collection on Windows for ListNamedPipes.
tags | tool, remote, web, forensics
systems | unix
SHA-256 | dda5e2fa2971fb4aa73738c44c9796ca3f1f566519c324b7cbf6b9c9629a2aaf
GRR 3.4.3.1
Posted May 20, 2021
Authored by Andreas Moser, Mikhail Bushkov, Ben Galehouse, Milosz Lakomy | Site github.com

GRR Rapid Response is an incident response framework focused on remote live forensics. The goal of GRR is to support forensics and investigations in a fast, scalable manner to allow analysts to quickly triage attacks and perform analysis remotely. GRR consists of 2 parts: client and server. GRR client is deployed on systems that one might want to investigate. On every such system, once deployed, GRR client periodically polls GRR frontend servers for work. "Work" means running a specific action: downloading file, listing a directory, etc. GRR server infrastructure consists of several components (frontends, workers, UI servers) and provides web-based graphical user interface and an API endpoint that allows analysts to schedule actions on clients and view and process collected data.

Changes: Prometheus/Grafana support have been added. A new collect large file flow has been added. New Elasticsearch output plugin. Multiple API changes, bug fixes, and various minor enhancements.
tags | tool, remote, web, forensics
systems | unix
SHA-256 | 6eb8e889cd5d36a2882152da0ee21316d93409184738ea0b1cc9a7320da289f4
GRR 3.4.2.4
Posted Oct 15, 2020
Authored by Andreas Moser, Mikhail Bushkov, Ben Galehouse, Milosz Lakomy | Site github.com

GRR Rapid Response is an incident response framework focused on remote live forensics. The goal of GRR is to support forensics and investigations in a fast, scalable manner to allow analysts to quickly triage attacks and perform analysis remotely. GRR consists of 2 parts: client and server. GRR client is deployed on systems that one might want to investigate. On every such system, once deployed, GRR client periodically polls GRR frontend servers for work. "Work" means running a specific action: downloading file, listing a directory, etc. GRR server infrastructure consists of several components (frontends, workers, UI servers) and provides web-based graphical user interface and an API endpoint that allows analysts to schedule actions on clients and view and process collected data.

Changes: Minor bug-fix release on top of version 3.4.2.3
tags | tool, remote, web, forensics
systems | unix
SHA-256 | 9acd2bae2cdc1e6c4e6aa4b3625a9dae5bfdbdf34f7c32ec92b31082395b9801
GRR 3.4.2.3
Posted Oct 5, 2020
Authored by Andreas Moser, Mikhail Bushkov, Ben Galehouse, Milosz Lakomy | Site github.com

GRR Rapid Response is an incident response framework focused on remote live forensics. The goal of GRR is to support forensics and investigations in a fast, scalable manner to allow analysts to quickly triage attacks and perform analysis remotely. GRR consists of 2 parts: client and server. GRR client is deployed on systems that one might want to investigate. On every such system, once deployed, GRR client periodically polls GRR frontend servers for work. "Work" means running a specific action: downloading file, listing a directory, etc. GRR server infrastructure consists of several components (frontends, workers, UI servers) and provides web-based graphical user interface and an API endpoint that allows analysts to schedule actions on clients and view and process collected data.

Changes: Reference documentation and an OpenAPI spec is now available for the GRR API. Timeline collection flow now also collects the file creation timestamp on all platforms. Various other updates and improvements.
tags | tool, remote, web, forensics
systems | unix
SHA-256 | b0ccda97087aaa7971b0c68d4ae786c7ce80b8febe3d1fe7afb902d96f6560da
GRR 3.4.2.0
Posted Jul 7, 2020
Authored by Andreas Moser, Mikhail Bushkov, Ben Galehouse, Milosz Lakomy | Site github.com

GRR Rapid Response is an incident response framework focused on remote live forensics. The goal of GRR is to support forensics and investigations in a fast, scalable manner to allow analysts to quickly triage attacks and perform analysis remotely. GRR consists of 2 parts: client and server. GRR client is deployed on systems that one might want to investigate. On every such system, once deployed, GRR client periodically polls GRR frontend servers for work. "Work" means running a specific action: downloading file, listing a directory, etc. GRR server infrastructure consists of several components (frontends, workers, UI servers) and provides web-based graphical user interface and an API endpoint that allows analysts to schedule actions on clients and view and process collected data.

Changes: New SplunkOutputPlugin to export Flow/Hunt results to Splunk. New NTFS virtual file system handler for file system parsing using libfsntfs. A couple new flows and multiple other updates.
tags | tool, remote, web, forensics
systems | unix
SHA-256 | 3232771035cbd0580621c3e72dee06ff39416a505e07281e82a2d72191e1bb05
GRR 3.4.0.1
Posted Dec 18, 2019
Authored by Andreas Moser, Mikhail Bushkov, Ben Galehouse, Milosz Lakomy | Site github.com

GRR Rapid Response is an incident response framework focused on remote live forensics. The goal of GRR is to support forensics and investigations in a fast, scalable manner to allow analysts to quickly triage attacks and perform analysis remotely. GRR consists of 2 parts: client and server. GRR client is deployed on systems that one might want to investigate. On every such system, once deployed, GRR client periodically polls GRR frontend servers for work. "Work" means running a specific action: downloading file, listing a directory, etc. GRR server infrastructure consists of several components (frontends, workers, UI servers) and provides web-based graphical user interface and an API endpoint that allows analysts to schedule actions on clients and view and process collected data.

Changes: GRR server debian package now has to be installed on Ubuntu 18. UpdateClient flow fixed for Ubuntu clients. A number of bugfixes and minor enhancements for YARA memory scanning.
tags | tool, remote, web, forensics
systems | unix
SHA-256 | e1d8aa30b0752b40b74b2efba69dadd6ce0fe317780edf2cce36273f9106f43a
GRR 3.3.0.8
Posted Oct 10, 2019
Authored by Andreas Moser, Mikhail Bushkov, Ben Galehouse, Milosz Lakomy | Site github.com

GRR Rapid Response is an incident response framework focused on remote live forensics. The goal of GRR is to support forensics and investigations in a fast, scalable manner to allow analysts to quickly triage attacks and perform analysis remotely. GRR consists of 2 parts: client and server. GRR client is deployed on systems that one might want to investigate. On every such system, once deployed, GRR client periodically polls GRR frontend servers for work. "Work" means running a specific action: downloading file, listing a directory, etc. GRR server infrastructure consists of several components (frontends, workers, UI servers) and provides web-based graphical user interface and an API endpoint that allows analysts to schedule actions on clients and view and process collected data.

Changes: YARA scanning fixes and enhancements. This is a minor bugfix release.
tags | tool, remote, web, forensics
systems | unix
SHA-256 | ec54d0190b811c432e0cf3a23e489d6c5cc1d55663e31d764b844dfcfc152ee5
GRR 3.3.0.4
Posted Jul 3, 2019
Authored by Andreas Moser, Mikhail Bushkov, Ben Galehouse, Milosz Lakomy | Site github.com

GRR Rapid Response is an incident response framework focused on remote live forensics. The goal of GRR is to support forensics and investigations in a fast, scalable manner to allow analysts to quickly triage attacks and perform analysis remotely. GRR consists of 2 parts: client and server. GRR client is deployed on systems that one might want to investigate. On every such system, once deployed, GRR client periodically polls GRR frontend servers for work. "Work" means running a specific action: downloading file, listing a directory, etc. GRR server infrastructure consists of several components (frontends, workers, UI servers) and provides web-based graphical user interface and an API endpoint that allows analysts to schedule actions on clients and view and process collected data.

Changes: This is a minor bugfix release.
tags | tool, remote, web, forensics
systems | unix
SHA-256 | 3918104d38f04c724d2e79306031ec8485d879c5b57a8a89de4f48743a45d8da
GRR 3.3.0.3
Posted Jul 1, 2019
Authored by Andreas Moser, Mikhail Bushkov, Ben Galehouse, Milosz Lakomy | Site github.com

GRR Rapid Response is an incident response framework focused on remote live forensics. The goal of GRR is to support forensics and investigations in a fast, scalable manner to allow analysts to quickly triage attacks and perform analysis remotely. GRR consists of 2 parts: client and server. GRR client is deployed on systems that one might want to investigate. On every such system, once deployed, GRR client periodically polls GRR frontend servers for work. "Work" means running a specific action: downloading file, listing a directory, etc. GRR server infrastructure consists of several components (frontends, workers, UI servers) and provides web-based graphical user interface and an API endpoint that allows analysts to schedule actions on clients and view and process collected data.

Changes: This is a minor bugfix release.
tags | tool, remote, web, forensics
systems | unix
SHA-256 | e906baf1c7879423f0ff70cf0dd4c9889713b388be02af87e640696f9a722d0a
GRR 3.3.0.0
Posted May 23, 2019
Authored by Andreas Moser, Mikhail Bushkov, Ben Galehouse, Milosz Lakomy | Site github.com

GRR Rapid Response is an incident response framework focused on remote live forensics. The goal of GRR is to support forensics and investigations in a fast, scalable manner to allow analysts to quickly triage attacks and perform analysis remotely. GRR consists of 2 parts: client and server. GRR client is deployed on systems that one might want to investigate. On every such system, once deployed, GRR client periodically polls GRR frontend servers for work. "Work" means running a specific action: downloading file, listing a directory, etc. GRR server infrastructure consists of several components (frontends, workers, UI servers) and provides web-based graphical user interface and an API endpoint that allows analysts to schedule actions on clients and view and process collected data.

Changes: This is the first GRR release that works with the new relational data model. The legacy, AFF4-based data store is still available in this release but new GRR setups are encouraged to switch to the relational data store. Various other updates.
tags | tool, remote, web, forensics
systems | unix
SHA-256 | 89ae266ede4d0d36eda8e3f278eb029a4a4d618c6c9e76a854d25e2d23cd3ae2
GRR 3.2.4.6
Posted Dec 21, 2018
Authored by Andreas Moser, Mikhail Bushkov, Ben Galehouse, Milosz Lakomy | Site github.com

GRR Rapid Response is an incident response framework focused on remote live forensics. The goal of GRR is to support forensics and investigations in a fast, scalable manner to allow analysts to quickly triage attacks and perform analysis remotely. GRR consists of 2 parts: client and server. GRR client is deployed on systems that one might want to investigate. On every such system, once deployed, GRR client periodically polls GRR frontend servers for work. "Work" means running a specific action: downloading file, listing a directory, etc. GRR server infrastructure consists of several components (frontends, workers, UI servers) and provides web-based graphical user interface and an API endpoint that allows analysts to schedule actions on clients and view and process collected data.

Changes: This is an off-schedule release with some fixes for bugs introduced in the previous one.
tags | tool, remote, web, forensics
systems | unix
SHA-256 | 700437ed6661ab9c7c3b03c3817839bda5dd3b2001180f4f2f725eab779578a4
GRR 3.2.4.5
Posted Dec 18, 2018
Authored by Andreas Moser, Mikhail Bushkov, Ben Galehouse, Milosz Lakomy | Site github.com

GRR Rapid Response is an incident response framework focused on remote live forensics. The goal of GRR is to support forensics and investigations in a fast, scalable manner to allow analysts to quickly triage attacks and perform analysis remotely. GRR consists of 2 parts: client and server. GRR client is deployed on systems that one might want to investigate. On every such system, once deployed, GRR client periodically polls GRR frontend servers for work. "Work" means running a specific action: downloading file, listing a directory, etc. GRR server infrastructure consists of several components (frontends, workers, UI servers) and provides web-based graphical user interface and an API endpoint that allows analysts to schedule actions on clients and view and process collected data.

Changes: This release is the last GRR release to work on a legacy AFF4-based datastore. Next generation datastore will also work on top of MySQL but will have a completely different schema, meaning that you will lose historical data with the next GRR upgrade. Tons of small (and not-so-small) bug fixes and code health improvements.
tags | tool, remote, web, forensics
systems | unix
SHA-256 | 8e056afd847dd21c7f973764dd9065fee098707e13ea5afa65b4741683234e00
GRR 3.2.3.2
Posted Jun 28, 2018
Authored by Andreas Moser, Mikhail Bushkov, Ben Galehouse, Milosz Lakomy | Site github.com

GRR Rapid Response is an incident response framework focused on remote live forensics. The goal of GRR is to support forensics and investigations in a fast, scalable manner to allow analysts to quickly triage attacks and perform analysis remotely. GRR consists of 2 parts: client and server. GRR client is deployed on systems that one might want to investigate. On every such system, once deployed, GRR client periodically polls GRR frontend servers for work. "Work" means running a specific action: downloading file, listing a directory, etc. GRR server infrastructure consists of several components (frontends, workers, UI servers) and provides web-based graphical user interface and an API endpoint that allows analysts to schedule actions on clients and view and process collected data.

Changes: This is an off-schedule release with a fix for a client-repacking bug introduced in v3.2.3.0.
tags | tool, remote, web, forensics
systems | unix
SHA-256 | 2fd71654c81246ff43dbed2cf0471aab564bd17a409d3c225adc63d143e2f1c7
GRR 3.2.3.0
Posted Jun 25, 2018
Authored by Andreas Moser, Mikhail Bushkov, Ben Galehouse, Milosz Lakomy | Site github.com

GRR Rapid Response is an incident response framework focused on remote live forensics. The goal of GRR is to support forensics and investigations in a fast, scalable manner to allow analysts to quickly triage attacks and perform analysis remotely. GRR consists of 2 parts: client and server. GRR client is deployed on systems that one might want to investigate. On every such system, once deployed, GRR client periodically polls GRR frontend servers for work. "Work" means running a specific action: downloading file, listing a directory, etc. GRR server infrastructure consists of several components (frontends, workers, UI servers) and provides web-based graphical user interface and an API endpoint that allows analysts to schedule actions on clients and view and process collected data.

Changes: UI improvements and bugfixes. Various other updates.
tags | tool, remote, web, forensics
systems | unix
SHA-256 | 89ae585973d5671dd7de7fce250978f6d6663739a8d09d6a194984018abf6165
GRR 3.2.2.0
Posted Mar 13, 2018
Authored by Andreas Moser, Mikhail Bushkov, Ben Galehouse, Milosz Lakomy | Site github.com

GRR Rapid Response is an incident response framework focused on remote live forensics. The goal of GRR is to support forensics and investigations in a fast, scalable manner to allow analysts to quickly triage attacks and perform analysis remotely. GRR consists of 2 parts: client and server. GRR client is deployed on systems that one might want to investigate. On every such system, once deployed, GRR client periodically polls GRR frontend servers for work. "Work" means running a specific action: downloading file, listing a directory, etc. GRR server infrastructure consists of several components (frontends, workers, UI servers) and provides web-based graphical user interface and an API endpoint that allows analysts to schedule actions on clients and view and process collected data.

Changes: As of this release, GRR's legacy asciidoc documentation (previously hosted on github) has been deleted. Various other updates.
tags | tool, remote, web, forensics
systems | unix
SHA-256 | e4d85c9c4367a29f2300a8e7334551cdd5eb8d55e1e5b2680c1cee87942fed01
GRR 3.2.1.1
Posted Dec 12, 2017
Authored by Andreas Moser, Mikhail Bushkov, Ben Galehouse, Milosz Lakomy | Site github.com

GRR Rapid Response is an incident response framework focused on remote live forensics. The goal of GRR is to support forensics and investigations in a fast, scalable manner to allow analysts to quickly triage attacks and perform analysis remotely. GRR consists of 2 parts: client and server. GRR client is deployed on systems that one might want to investigate. On every such system, once deployed, GRR client periodically polls GRR frontend servers for work. "Work" means running a specific action: downloading file, listing a directory, etc. GRR server infrastructure consists of several components (frontends, workers, UI servers) and provides web-based graphical user interface and an API endpoint that allows analysts to schedule actions on clients and view and process collected data.

Changes: The HTTPDatastore has been removed from GRR. GRR now supports MySQL out of the box (when installed from the server deb). Various other updates.
tags | tool, remote, web, forensics
systems | unix
SHA-256 | c798a7e04fde047c322b64ac87b10d9b44c887327564be6cd62b5df1eadfa98c
Mobius Forensic Toolkit 1.0
Posted Nov 21, 2017
Site savannah.nongnu.org

Mobius Forensic Toolkit is a forensic framework written in Python/GTK that manages cases and case items, providing an abstract interface for developing extensions. Cases and item categories are defined using XML files for easy integration with other tools.

Changes: Tons of changes to the C++ and python APIs. Various other changes.
tags | tool, python, forensics
SHA-256 | 38f7cf697ca5101a3413425d16fa5fe912cf9e1f061103f0b7138fd96d40b92e
Mobius Forensic Toolkit 0.5.31
Posted Sep 12, 2017
Site savannah.nongnu.org

Mobius Forensic Toolkit is a forensic framework written in Python/GTK that manages cases and case items, providing an abstract interface for developing extensions. Cases and item categories are defined using XML files for easy integration with other tools.

Changes: Tons of changes to the C++ and python APIs. Various other changes.
tags | tool, python, forensics
SHA-256 | cd61f245a369d9373181de393bd3cd17344c1e92efba32f83fe696be53ad7ac9
GRR 3.2.0.1
Posted Sep 10, 2017
Authored by Andreas Moser, Mikhail Bushkov, Ben Galehouse, Milosz Lakomy | Site github.com

GRR Rapid Response is an incident response framework focused on remote live forensics. The goal of GRR is to support forensics and investigations in a fast, scalable manner to allow analysts to quickly triage attacks and perform analysis remotely. GRR consists of 2 parts: client and server. GRR client is deployed on systems that one might want to investigate. On every such system, once deployed, GRR client periodically polls GRR frontend servers for work. "Work" means running a specific action: downloading file, listing a directory, etc. GRR server infrastructure consists of several components (frontends, workers, UI servers) and provides web-based graphical user interface and an API endpoint that allows analysts to schedule actions on clients and view and process collected data.

Changes: Various updates.
tags | tool, remote, web, forensics
systems | unix
SHA-256 | 79e926fc1ad932016c3c26ac50f8a1b9d55b8ad11060832bb0937cc4328720c5
Mobius Forensic Toolkit 0.5.30
Posted Aug 9, 2017
Site savannah.nongnu.org

Mobius Forensic Toolkit is a forensic framework written in Python/GTK that manages cases and case items, providing an abstract interface for developing extensions. Cases and item categories are defined using XML files for easy integration with other tools.

Changes: Tons of changes to the C++ and python APIs. Various other changes.
tags | tool, python, forensics
SHA-256 | 3c4c96ca3d7c269d33d1f56d24dc0286e35f29139dfa5d7da9443382d13fc2ee
Mobius Forensic Toolkit 0.5.29
Posted Jul 5, 2017
Site savannah.nongnu.org

Mobius Forensic Toolkit is a forensic framework written in Python/GTK that manages cases and case items, providing an abstract interface for developing extensions. Cases and item categories are defined using XML files for easy integration with other tools.

Changes: Tons of changes to the C++ and python APIs. Various other changes.
tags | tool, python, forensics
SHA-256 | f9daa3938a428933d87d2f38eacb02277da3445ce8d514999769195bbafa2057
Mobius Forensic Toolkit 0.5.28
Posted Jun 15, 2017
Site savannah.nongnu.org

Mobius Forensic Toolkit is a forensic framework written in Python/GTK that manages cases and case items, providing an abstract interface for developing extensions. Cases and item categories are defined using XML files for easy integration with other tools.

Changes: New extension gtk-report-dialog. Improvements in attribute-viewer and lshw-agent. Various other changes.
tags | tool, python, forensics
SHA-256 | 1bb65be90903eee45e15d24af2b6c0dd010d78e1b445c853660193498c6eb8f8
Mobius Forensic Toolkit 0.5.27
Posted Feb 1, 2017
Site savannah.nongnu.org

Mobius Forensic Toolkit is a forensic framework written in Python/GTK that manages cases and case items, providing an abstract interface for developing extensions. Cases and item categories are defined using XML files for easy integration with other tools.

Changes: New extension lshw-agent. Various other improvements.
tags | tool, python, forensics
SHA-256 | 5d1cc57b1cde53ab593b0b89c3617da3df857eb179522dce6f782dd71400eac5
Mobius Forensic Toolkit 0.5.26
Posted Oct 10, 2016
Site savannah.nongnu.org

Mobius Forensic Toolkit is a forensic framework written in Python/GTK that manages cases and case items, providing an abstract interface for developing extensions. Cases and item categories are defined using XML files for easy integration with other tools.

Changes: Tons of C++ API changes. Various other improvements.
tags | tool, python, forensics
SHA-256 | 67612cefb5ed1c2a8bd34eb1e694adb0deab7abb0041128461794289f0d55190
Mobius Forensic Toolkit 0.5.25
Posted Jul 26, 2016
Site savannah.nongnu.org

Mobius Forensic Toolkit is a forensic framework written in Python/GTK that manages cases and case items, providing an abstract interface for developing extensions. Cases and item categories are defined using XML files for easy integration with other tools.

Changes: Many updates to the C++ and python APIs. Various other improvements.
tags | tool, python, forensics
SHA-256 | 8ea6f97365251b45ba9c6309e8b51366f74ef9536f1dad257d2ef65b930d88fa
Page 1 of 7
Back12345Next

File Archive:

May 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    0 Files
  • 2
    May 2nd
    15 Files
  • 3
    May 3rd
    19 Files
  • 4
    May 4th
    24 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    14 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    13 Files
  • 10
    May 10th
    7 Files
  • 11
    May 11th
    99 Files
  • 12
    May 12th
    45 Files
  • 13
    May 13th
    7 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    26 Files
  • 18
    May 18th
    4 Files
  • 19
    May 19th
    17 Files
  • 20
    May 20th
    2 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    6 Files
  • 24
    May 24th
    19 Files
  • 25
    May 25th
    5 Files
  • 26
    May 26th
    12 Files
  • 27
    May 27th
    12 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close