
Using Google GRR Rapid Response to analyze remote clients.

License: GNU General Public License v3.0 (GPL-3.0)

Remote Live Forensics Using Google GRR Rapid Response

Table of Contents

  1. Introduction
  2. Tools Used
  3. Approach to Problem
  4. Learning Outcomes
  5. References

Introduction

The premise of this project is to perform live forensics on remote clients using GRR Rapid Response and then forward the collected information to Splunk. The final report is linked in the References section.

Tools Used

The tools used here are the following:

  1. Ubuntu
  2. Google GRR Rapid Response
  3. Oracle VM VirtualBox
  4. Splunk

Approach to Problem

  1. Set up both the clients that were to be scanned by GRR and the host machine (the GRR server) that would do the scanning.
  2. Ran a network scan from GRR on a selected client.
  3. Downloaded the results as a .csv file and forwarded it to Splunk by email.
  4. Used a Splunk search by host and source to locate the file.
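The following script is an added example and is not part of this project's code. It covers steps 3 and 4 from the defender's side: it parses a GRR CSV export, records the export's SHA-256 in the email body so that the file Splunk ingests can be checked against the file that left the GRR server, and attaches the CSV. The column layout, client id, hostnames, addresses, mail addresses and SMTP host below are all constructed assumptions; a real GRR export's columns depend on the flow that was run and the export settings chosen.

```python
"""Added example (not part of the original project): package a GRR CSV export
for forwarding by email and record its SHA-256 so the analyst can verify on the
Splunk side that the attachment was not altered in transit.
Column names, host names, addresses and mail settings are constructed."""
import csv
import hashlib
import io
import smtplib
from email.message import EmailMessage

# Constructed stand-in for a GRR flow export (netstat-style rows). The real
# column set depends on which flow was run and how the export was configured.
SAMPLE_CSV = """client_id,hostname,local_address,local_port,remote_address,remote_port,state,pid,process
C.1111222233334444,ws-01,192.0.2.10,49152,198.51.100.5,443,ESTABLISHED,4321,chrome
C.1111222233334444,ws-01,0.0.0.0,22,0.0.0.0,0,LISTEN,812,sshd
C.1111222233334444,ws-01,192.0.2.10,49170,203.0.113.9,8443,ESTABLISHED,5566,python3
"""


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 of the export bytes; quoted in the mail body for later comparison."""
    return hashlib.sha256(data).hexdigest()


def summarize_export(csv_text: str) -> dict:
    """Parse the export and return the facts the Splunk 'host' search will key on."""
    rows = list(csv.DictReader(io.StringIO(csv_text)))
    hosts = sorted({r["hostname"] for r in rows})
    clients = sorted({r["client_id"] for r in rows})
    return {"rows": len(rows), "hosts": hosts, "clients": clients}


def build_message(csv_text: str, sender: str, recipient: str, filename: str) -> EmailMessage:
    """Build the email carrying the CSV attachment plus its SHA-256 and a row summary."""
    data = csv_text.encode("utf-8")
    digest = sha256_hex(data)
    summary = summarize_export(csv_text)
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = recipient
    msg["Subject"] = f"GRR export {filename} for {', '.join(summary['hosts'])}"
    msg.set_content(
        "GRR export attached.\n"
        f"hosts: {', '.join(summary['hosts'])}\n"
        f"client ids: {', '.join(summary['clients'])}\n"
        f"rows: {summary['rows']}\n"
        f"sha256: {digest}\n"
    )
    # Attach the raw bytes (base64-encoded by EmailMessage) so the file arrives unchanged.
    msg.add_attachment(data, maintype="text", subtype="csv", filename=filename)
    return msg


def send(msg: EmailMessage, smtp_host: str, smtp_port: int = 25) -> None:
    """Hand the message to an SMTP relay; the relay address is an assumption."""
    with smtplib.SMTP(smtp_host, smtp_port) as smtp:
        smtp.send_message(msg)


if __name__ == "__main__":
    m = build_message(SAMPLE_CSV, "grr@example.invalid",
                      "splunk-intake@example.invalid", "netstat_ws-01.csv")
    print(m["Subject"])
    print(m.get_body().get_content())
    # send(m, "smtp.example.invalid")  # uncomment to actually forward; host is constructed
```

Once the mail has been ingested, the Splunk search by host and source from step 4 finds the file, and the sha256 line in the mail body gives a value to compare against a hash of the ingested attachment.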

Learning Outcomes

  1. Learned how to scan multiple clients using GRR and which kind of scan to initiate.
  2. Learned how to determine and select the output type for the data to be analyzed within GRR.

References

Written report linked here