GRR Rapid Response is an incident response framework focused on remote live forensics. It based on client server architecture, so there’s an agent which is installed on target systems and a Python server infrastructure that can manage and communicate with the agents.
Dumping memory from an operating system can be complicated and is not built-in feature. You also have to keep in mind that memory dumps are a snapshot in time of what is in the memory. The memory is constantly changing every second so having the right tool can be the difference between getting the data you need and having it lost forever. There are various tools for each operating system to accomplish memory dumps. Some tools are easier to setup and use than others and some tools are portable apps. I have provided links at the bottom of this post to all the tools I cover within this post.
Kippo is typically the go to application for information security researchers looking to set up an SSH honeypot. Likewise the Cowire honeypot is forked from the Kippo project. I personally believe that Cowire is better than Kippo and has fixed some common issues within Kippo. Below I go through a simple instillation of Cowire on Ubuntu 14.04. Within the coming posts I will show some of the common ways attackers detect a Cowire/Kippo instance, and its short comings. Please keep in mind that I mean no disrespect to the developers of the Kippo honeypot! They have provided the most used honeypot on the internet today and have truly done a remarkable job.