TRANSCRIPT
Designing an Application for Remote Live Forensics using GRR Rapid Response
Arif Wahyudi (1252 31 33)
Agenda
➔ Introduction to GRR: what, who, when, why, how, where?
➔ GRR installation: fast installation with a script or Docker infrastructure
➔ Deploy & configuration: GRR server configuration & agent configuration.
➔ Creating artifacts: simple artifacts for Chrome, Safari, Firefox, IE
➔ File authenticity testing: hash verification (MD5, SHA256, SHA1)
Abstract
GRR, short for Google Rapid Response, is a multi-platform remote live forensics framework built and deployed by Google's IR (Incident Response) staff. The main motivation for building GRR Rapid Response is to improve readiness for analysis and investigation, by lowering the cost of an investigation and raising the quality of the digital evidence obtained. Its main feature is collecting information from the agent systems under analysis over a remote channel; it also provides detailed monitoring of client (agent) CPU, memory, I/O usage and so on.
“SANS”: “a combination of description, location, and interpretation”
More Info
https://github.com/google/grr
https://digital-forensics.sans.org/blog/2012/10/06/digital-forensics-case-leads-open-source-forensics-edition
GRR RAPID RESPONSE lab topology
INVESTIGATOR: 192.168.119.5/24
USER 1: 192.168.119.6
USER 2: 192.168.119.7
USER 3: 192.168.119.8
USER 4: 192.168.119.9
USER 5: 192.168.119.10
USER 6: 192.168.119.11
Installation: Server
Requirements: a Linux box with Ubuntu Xenial Server 64-bit; more than 1 GB RAM recommended.
Follow these instructions for an automated install on an Ubuntu system:
wget https://raw.githubusercontent.com/google/grr/master/scripts/install_script_ubuntu.sh
sudo bash install_script_ubuntu.sh
sudo systemctl restart grr-server
Then point the clients at the server's HTTP front end in the server configuration (the value is a full URL with scheme and trailing slash):
Client.server_urls: http://192.168.119.128:8000/
Repack New Clients
The last step is to repack the clients after changing the HTTP server IP in the config file, and to upload the repacked binaries to the datastore:
sudo grr_config_updater repack_clients --upload
sudo grr_config_updater repack_clients
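A mistyped Client.server_urls only shows up later, when repacked agents never check in. The following shell helpers, added here as an example and not part of the original presentation or of GRR itself, validate the URL before it is written and emit the configuration stanza. The config path /etc/grr/server.local.yaml and the list form of Client.server_urls are assumptions about the GRR server layout; check_server_url, render_client_url_config and write_client_url_config are names chosen for this example.

```shell
# Added example, not from the original slides. Checks a Client.server_urls
# value before the clients are repacked, because a malformed URL is only
# noticed once agents silently fail to poll the server.
# Assumptions: the GRR front end listens on the given http(s) URL and
# Client.server_urls is a YAML list in /etc/grr/server.local.yaml.

# check_server_url URL -> 0 if URL looks like http(s)://host[:port]/, else 1
check_server_url() {
    url=$1
    case "$url" in
        http://*/|https://*/) ;;
        http://*|https://*)
            echo "check_server_url: missing trailing slash: $url" >&2; return 1 ;;
        *)
            echo "check_server_url: not an http(s):// URL: $url" >&2; return 1 ;;
    esac
    # Strip scheme and path, leaving host[:port]
    host_port=${url#*://}
    host_port=${host_port%%/*}
    case "$host_port" in
        '') echo "check_server_url: empty host: $url" >&2; return 1 ;;
        *:*)
            port=${host_port##*:}
            case "$port" in
                ''|*[!0-9]*)
                    echo "check_server_url: bad port '$port': $url" >&2; return 1 ;;
            esac ;;
    esac
    return 0
}

# render_client_url_config URL -> prints the YAML stanza for the server's
# local config, after validating the URL
render_client_url_config() {
    check_server_url "$1" || return 1
    printf 'Client.server_urls:\n  - %s\n' "$1"
}

# write_client_url_config URL FILE -> appends the stanza to FILE (only if valid)
write_client_url_config() {
    stanza=$(render_client_url_config "$1") || return 1
    printf '%s\n' "$stanza" >> "$2"
}

# Typical use on the server (assumed config path), then repack as on the slide:
#   write_client_url_config http://192.168.119.128:8000/ /etc/grr/server.local.yaml
#   sudo grr_config_updater repack_clients --upload
```

The value shown on the slide, http:192.168.119.128:8000, fails the first check because it has no `//`; the helper refuses to write it, so the repack step never bakes a broken URL into the agents.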
Installation: Clients
Manage Binaries → executables → Windows → installers. Download the client you need.
For Windows you will see a 32-bit and a 64-bit installer. Run the installer as admin (it should show the UAC prompt if you are not admin). It runs silently and installs the client to c:\windows\system32\grr\%version%\. It also installs a Windows service, starts it, and configures the registry keys that make it talk to the URL/server you specified when repacking the clients on the server.
For OSX you will see a pkg file; install the pkg.
For Linux you will see a deb and rpms; install the appropriate one.
#3 ARTIFACT MANAGER
DEMO
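The artifacts the agenda lists (Chrome, Safari, Firefox, IE) are plain YAML definitions that the Artifact Manager accepts. Below is a worked definition for Chrome history, added here as an example: it is neither from the original presentation nor one of the artifacts bundled with GRR. The name CustomChromeHistory and the doc text are constructed; the paths are the usual Chrome profile locations and rely on GRR's %%users.localappdata%% and %%users.homedir%% knowledge-base variables, which expand once per user account on the agent.

```yaml
# Added example artifact definition, not from the original slides and not one
# of GRR's bundled artifacts. Name and doc are constructed for this example.
name: CustomChromeHistory
doc: Chrome browsing history databases for every user profile on the host.
sources:
- type: FILE
  attributes:
    paths:
      - '%%users.localappdata%%\Google\Chrome\User Data\*\History'
    separator: '\'
  supported_os: [Windows]
- type: FILE
  attributes:
    paths:
      - '%%users.homedir%%/Library/Application Support/Google/Chrome/*/History'
  supported_os: [Darwin]
- type: FILE
  attributes:
    paths:
      - '%%users.homedir%%/.config/google-chrome/*/History'
  supported_os: [Linux]
labels: [Browser]
supported_os: [Windows, Darwin, Linux]
```

After uploading the file through the Artifact Manager, the artifact can be selected by name in a collection flow or hunt; the per-OS supported_os entries mean the Windows source is skipped on Linux agents and vice versa. The Firefox, Safari and IE artifacts differ only in the paths and, for Firefox, in collecting places.sqlite from the profile directory instead of History.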
#4 HUNTING PROCESS
DEMO
#5 HASH FILE
DEMO
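The hash-file demo in the agenda (MD5, SHA256, SHA1) boils down to recomputing digests over a file pulled back from an agent and comparing them to the values recorded at collection time. The shell functions below are added as an example and are not from the original presentation or from GRR; hash_file, verify_hash and verify_all are names chosen here, and the code assumes the GNU coreutils md5sum, sha1sum and sha256sum tools present on an Ubuntu server.

```shell
# Added example, not from the original slides. Verifies that a file pulled
# back from an agent still matches the digests recorded when it was
# collected. Assumes GNU coreutils md5sum/sha1sum/sha256sum (Ubuntu).

# hash_file FILE ALGO -> prints lowercase hex digest; ALGO is md5, sha1 or sha256
hash_file() {
    case "$2" in
        md5)    tool=md5sum ;;
        sha1)   tool=sha1sum ;;
        sha256) tool=sha256sum ;;
        *)      echo "hash_file: unsupported algorithm: $2" >&2; return 2 ;;
    esac
    [ -f "$1" ] || { echo "hash_file: no such file: $1" >&2; return 2; }
    # coreutils print "<digest>  <name>"; keep only the digest, normalised to lowercase
    "$tool" "$1" | awk '{print tolower($1)}'
}

# verify_hash FILE ALGO EXPECTED -> 0 on match, 1 on mismatch, 2 on error
# EXPECTED may be upper- or lowercase hex, as copied from a report.
verify_hash() {
    expected=$(printf '%s' "$3" | tr 'A-Z' 'a-z')
    actual=$(hash_file "$1" "$2") || return 2
    if [ "$actual" = "$expected" ]; then
        echo "OK    $2  $1"
        return 0
    fi
    echo "FAIL  $2  $1: expected $expected, got $actual" >&2
    return 1
}

# verify_all FILE MD5 SHA1 SHA256 -> 0 only if all three digests match,
# which is the check the slide describes (MD5, SHA256, SHA1 together)
verify_all() {
    status=0
    verify_hash "$1" md5    "$2" || status=1
    verify_hash "$1" sha1   "$3" || status=1
    verify_hash "$1" sha256 "$4" || status=1
    return $status
}

# Usage:
#   verify_all evidence.bin <md5-from-record> <sha1-from-record> <sha256-from-record>
```

Checking all three digests rather than one guards against a transcription error in any single recorded value; a file that passes SHA256 but fails MD5 points to a mistyped record rather than a modified file, and the FAIL line names which algorithm disagreed.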
MORE INFO GRR: https://github.com/google/grr
Mailing List: [email protected]