GRR Rapid Response (GRR) is a remote live forensics tool that gives administrators data-collection capabilities for troubleshooting and health checks. It is an open-source project that is highly scalable, customizable, and flexible. GRR is based on a client/server architecture: an agent is installed on a target machine, and after deployment the machine becomes a GRR client that can communicate with the server. A message can command the client to run one or more specific actions and return the results to the administrator. Server commands are performed by flows, which are server-side code that schedules remote calls and actions on the client. An administrator can also run hunts, which are powerful forensic searches over a large number of computers.

The objective of the project was to implement GRR in IUPUI’s computer labs, and this goal was accomplished. An IUPUI administrator can now remotely access the lab computers and perform detailed examinations on one or many lab machines.

Project Student: Thomas Wilson
