google / grr

GRR Rapid Response: remote live forensics for incident response
https://grr-doc.readthedocs.io/
Apache License 2.0

Memory Forensics Tool for GRR #605

Open benwingerter opened 6 years ago

benwingerter commented 6 years ago

Are there any memory forensics tools built into GRR? Most online resources point to Rekall, but according to #448, Rekall support has been deprecated.

jarvisjarb commented 6 years ago

I have tried in the last week with no success. You can check #593 for my questions.

tl;dr: I could not make it work.

grrrrrrrrr commented 6 years ago

Rekall is still available in GRR if you set a flag during installation. However, as also described in https://github.com/google/grr/issues/593, there might be issues, and the GRR team can only provide very limited support for Rekall at this time.

G4rb3n commented 5 years ago

How can I do memory analysis without Rekall (the memory flow)? Yara process scan is hard to use for memory forensics >_<