GRR: Google Rapid Response and Volatility
For those of you who were unable to attend DFRWS 2011, I wanted to take a few moments to highlight an exciting project coming from the Google Incident Response Team: Google Rapid Response (GRR) (slides | paper). As everyone is aware, Google publicly disclosed in 2010 that it had been the subject of a targeted attack, commonly referred to as “Operation Aurora”. Given the scale of the attack, Google reached out to a few not-so-discreet incident response companies to help augment its internal teams during the investigation. From this experience, Google quickly realized the nascent state of the incident response industry and its tools. Thus, once the smoke cleared, the Google team began investing a lot of resources into augmenting its own security capabilities and reducing incident response to a search problem.

One of those efforts is Google Rapid Response, whose software development is being led by Michael Cohen (aka scudette). You should recognize his name from the great work he has done on Volatility and PyFlag. GRR is an open source incident response framework intended to provide a scalable solution to the remote forensics challenges faced by many organizations. While the project is still in the early stages of development, you should definitely take some time to check it out and follow its development! Besides, if you are a Volatility user, you will be interested to discover that “GRR also incorporates the Volatility Memory analysis framework” and that Google has been contributing back, including work on 64-bit support! Shoutz to scudette, sham, and the other GRR developers!
PS: I’ve heard that one of the companies Google hired during Aurora has been claiming, behind closed doors, that Google stole their ideas and is “ripping them off”. This is kind of hilarious when you consider the sordid history of that company’s own “intellectual property” (Hi Kevin! Hi Jamie!). I guess the thought of going up against Google can make a company a little nervous, especially when it has just taken on substantial funding from private equity firms. The fact that they are concerned makes GRR even more interesting. Do you really think you can out-search Google!