Top of Page
2 CPEs

Live Forensics Using GRR

Google Rapid Response (GRR) is an open-source live forensics tool created by Google for incident response. GRR’s objective is to assist in live forensics and investigation to allow for remote analysis permitting investigators to collect data about running systems on a network, anywhere from one system to thousands. This design supports limited resource and bandwidth collections to prevent the system from becoming unusable due to the analyst’s queries. 

Using GRR, data collected and maintained very efficiently can provide great insights into malware and other viruses that may be impacting your machines. Data collected can be used to determine the extent of a cyberattack, ensure systems are running smoothly, or monitor for policy compliance. By the end of this course, you will possess a deeper understanding of how to extract evidence from a hard drive. This lab does not cover the installation and configuration of the GRR server but includes a link to documentation.

Lab Activities:

  • Lab 1: Configure a GRR Client
  • Lab 2: Collect Client Information
  • Lab 3: Deploy a Hunt
  • Lab 4: Deploy a Cron Job
  • Lab 5: Analyze Activity on a Running System

Who Should Take This Course:

Experienced cyber, information, software and infrastructure security professionals who better want to understand how to extract evidence from a hard drive.

About This Course:

Lab content within this course take place within a Windows 10 64bit virtual machine. Before each lab topic, you will be asked to watch an instructional video that will guide you through the content and review the necessary background information to complete the lab assignment. There is no time restriction, but this lab will take approximately two hours to complete. The exercises are intended to be completed in sequential order, and all elements within the lab are required to complete the course. At the end of the course you will be asked to take a final assessment and must score 70% or higher prior to receiving a certificate of completion and earning continuing professional education (CPE) credits.