Want to take your software engineering career to the next level? Join the mailing list for career tips & advice Click here


GRR Rapid Response: remote live forensics for incident response

Subscribe to updates I use grr

Statistics on grr

Number of watchers on Github 2
Number of open issues 0
Main language Python
Open pull requests 0+
Closed pull requests 0+
Last commit almost 6 years ago
Repo Created almost 6 years ago
Repo Last Updated almost 3 years ago
Size 118 MB
Organization / Authordefaultnamehere
Page Updated
Do you use grr? Leave a review!
View grr activity
View on github
Book a Mock Interview With Me (Silicon Valley Engineering Leader, 100s of interviews conducted)
Software engineers: It's time to get promoted. Starting NOW! Subscribe to my mailing list and I will equip you with tools, tips and actionable advice to grow in your career.
Evaluating grr for your project? Score Explanation
Commits Score (?)
Issues & PR Score (?)

GRR Rapid Response is an incident response framework focused on remote live forensics.


Mailing Lists


Nov 5 2014: We've got a great new logo, which you will see turning up in the admin UI soon. It replaces our long-standing unofficial logo :)

Oct 28 2014: We've started a blog as a supplement to the documentation. Check out the first post on how to set up the distributed datastore.

Oct 15 2014: We're now fully migrated to github. The code.google.com page will just be a redirect here. Open issues, documentation and code have been moved over, and we will only update this repository in the future.


GRR consists of an agent (client) that can be deployed to a target system, and server infrastructure that can manage and talk to the agent.

Client Features:

  • Cross-platform support for Linux, Mac OS X and Windows clients.
  • Live remote memory analysis using open source memory drivers for Linux, Mac OS X and Windows, and the Rekall memory analysis framework.
  • Powerful search and download capabilities for files and the Windows registry.
  • Secure communication infrastructure designed for Internet deployment.
  • Client automatic update support.
  • Detailed monitoring of client CPU, memory, IO usage and self-imposed limits.

Server Features:

  • Fully fledged response capabilities handling most incident response and forensics tasks.
  • OS-level and raw file system access, using the SleuthKit (TSK).
  • Enterprise hunting (searching across a fleet of machines) support.
  • Fully scalable back-end to handle very large deployments.
  • Automated scheduling for recurring tasks.
  • Fast and simple collection of hundreds of digital forensic artifacts.
  • Asynchronous design allows future task scheduling for clients, designed to work with a large fleet of laptops.
  • Ajax Web UI.
  • Fully scriptable IPython console access.
  • Basic system timelining features.
  • Basic reporting infrastructure.

See quickstart to start using it.


grr questions on Stackoverflow (View All Questions)
  • regex wildcard and multiple files (used in grr)
  • newb question - forward slashes and back slashes grr
  • LINQ TO SQL GRR! How to map this inheritance?
  • Caching Web UserControl by Propety is not working (Grr!)
grr list of languages used
Other projects in Python
Powered by Autocode - Instant Webhooks, Scripts and APIs
Autocode logo wordmark