Presentation Progress TA
Designing an Application for Remote Live Forensics Using GRR Rapid Response
Arif Wahyudi (1252 31 33)
Agenda
➔ Introduction to GRR: What, who, when, why, how, where?
➔ GRR Installation: Fast installation with script or Docker infrastructure
➔ Deployment & Configuration: GRR server configuration & agent configuration
➔ Artifact Creation: Simple artifacts for Chrome, Safari, Firefox, IE
➔ File Authenticity Testing: Hash verification (MD5, SHA-256, SHA-1)
Abstract
GRR, short for Google Rapid Response, is a multi-platform remote live
forensics framework built and deployed by Google's IR (Incident Response)
staff. The main motivation for building GRR Rapid Response is to improve
readiness for analysis and investigation by lowering the cost of
investigation and raising the quality of the digital evidence obtained.
Its main feature is collecting information remotely from the agent system
under analysis, and it also provides detailed monitoring of the client
(agent) CPU, memory, I/O usage and so on.
“SANS” “a combination of description, location, and interpretation”
More Info
https://github.com/google/grr
https://digital-forensics.sans.org/blog/2012/10/06/digital-forensics-case-leads-open-source-forensics-edition
GRR RAPID RESPONSE
INVESTIGATOR : 192.168.119.5/24
USER 1 : 192.168.119.6
USER 2 : 192.168.119.7
USER 3 : 192.168.119.8
USER 4 : 192.168.119.9
USER 5 : 192.168.119.10
USER 6 : 192.168.119.11
Installation Server
Requirements: a Linux box with Ubuntu Xenial Server 64-bit. Recommended > 1 GB RAM.
Follow these instructions for an automated install on an Ubuntu system:
wget https://raw.githubusercontent.com/google/grr/master/scripts/install_script_ubuntu.sh
sudo bash install_script_ubuntu.sh
sudo systemctl restart grr-server
Client.server_urls: http://192.168.119.128:8000
Repack New Clients
The last step, once you have changed the HTTP server IP in the config file,
is to repack the clients and upload them to the datastore:
sudo grr_config_updater repack_clients --upload
sudo grr_config_updater repack_clients
Installation Clients
Manage Binaries → executables → Windows → installers. Download the client you need.
For Windows you will see a 32-bit and a 64-bit installer. Run the installer as admin (it should load the UAC prompt if you are not admin). It should run silently and install the client to c:\windows\system32\grr\%version%\. It will also install a Windows Service, start it, and configure the registry keys to make it talk to the URL/server you specified during repack of the clients on the server.
For OSX you will see a pkg file; install the pkg.
For Linux you will see a deb and rpms; install the appropriate one.
#3 ARTIFACT MANAGER
DEMO
#4 HUNTING PROCESS
DEMO
#5 HASH FILE
DEMO
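The file-authenticity step from the agenda (hash verification with MD5, SHA-1 and SHA-256), as an added example that is not part of the presentation or of GRR's own code: it hashes a local copy of a collected file in one pass and compares the result with the digests recorded at collection time. The function names, the RECORDED values and the sample file are constructed for illustration.

```python
import hashlib
import hmac
import tempfile

ALGORITHMS = ("md5", "sha1", "sha256")

# Constructed sample: digests of the 3-byte file b"abc", standing in for the
# values the forensic server recorded when the file was collected.
RECORDED = {
    "md5": "900150983cd24fb0d6963f7d28e17f72",
    "sha1": "a9993e364706816aba3e25717850c26c9cd0d89d",
    "sha256": "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad",
}

def make_constructed_sample(data=b"abc"):
    """Write constructed sample bytes to a temp file and return its path."""
    with tempfile.NamedTemporaryFile(delete=False, suffix=".bin") as fh:
        fh.write(data)
        return fh.name

def hash_file(path, chunk_size=1 << 20):
    """Read the file once, in chunks, and return all three hex digests."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for hasher in hashers.values():
                hasher.update(chunk)
    return {name: hasher.hexdigest() for name, hasher in hashers.items()}

def verify_file(path, recorded):
    """Return (ok, details) for a local copy against the recorded digests.

    The copy is accepted only if every recorded digest matches and SHA-256
    is among them: MD5 and SHA-1 are not collision-resistant, so a match on
    those alone does not establish authenticity.
    """
    actual = hash_file(path)
    details = {}
    for name, expected in recorded.items():
        if name not in actual:
            details[name] = "unsupported"
            continue
        same = hmac.compare_digest(actual[name], expected.strip().lower())
        details[name] = "match" if same else "MISMATCH"
    ok = "sha256" in recorded and all(v == "match" for v in details.values())
    return ok, details

if __name__ == "__main__":
    print(verify_file(make_constructed_sample(), RECORDED))
```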
MORE INFO GRR https://github.com/google/grr
Mailing List :[email protected]