Digging Deeper with Velociraptor - DFIR Beast Mode…
- Mike Cohen
- ComfyCon AU 2020 Winter
- April 11, 2020
Performing in-depth forensic analysis and incident response the traditional way, one endpoint at a time with general-purpose tools, is neither adequate nor scalable across a fleet of many endpoints. Velociraptor, an advanced open source endpoint visibility tool, is built for investigating, hunting and monitoring endpoints at scale with minimal fuss.
This talk is a quick tour of the latest Velociraptor release. Velociraptor's distinctive approach to DFIR is the Velociraptor Query Language (VQL), which drives every aspect of the tool: collection, server-side analysis and response. We will see how to customize endpoint collection and analysis by writing and modifying VQL, how to collect basic artifacts from many endpoints in a hunt, and how to post-process the collected data to identify compromised endpoints at scale. Finally, we show how automated remediation can be used to clean up a wide-ranging compromise efficiently.
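To make the abstract concrete, the following is an added illustration (not material from the talk or from the Velociraptor project) of what "crafting VQL" for a custom collection looks like. It is a client-side artifact definition in Velociraptor's YAML format: the artifact name, the default search glob and the parameter name are assumptions chosen for the example, while `glob()`, `hash()`, `info()` and the `sources`/`parameters`/`precondition` layout are standard Velociraptor constructs. The artifact lists executables in a user-writable temp location and hashes them so that results from a whole hunt can be compared server-side.

```yaml
# Added example artifact, not from the talk: enumerate and hash
# executables in a writable temp location on Windows endpoints.
# Artifact name, parameter name and default glob are assumptions.
name: Custom.Windows.Detection.TempExecutables
description: |
  Lists .exe files under each user's Temp directory and records
  size, modification time and SHA256 so a hunt across many
  endpoints can be post-processed server-side (for example by
  grouping on SHA256 to spot a hash that appears on many hosts,
  or on one host only).

parameters:
  - name: SearchGlob
    description: Glob for the files to inspect (assumed default).
    default: C:\Users\*\AppData\Local\Temp\**\*.exe

precondition:
  SELECT OS FROM info() WHERE OS = 'windows'

sources:
  - query: |
      -- Each row is one matching file; hash() is computed per file,
      -- so keep the glob tight to limit endpoint I/O during a hunt.
      SELECT FullPath,
             Size,
             Mtime,
             hash(path=FullPath).SHA256 AS SHA256
      FROM glob(globs=SearchGlob)
      WHERE NOT IsDir
```

Once this artifact is scheduled as a hunt, the collected rows from every endpoint land on the server and can be queried with ordinary VQL in a notebook (for instance selecting from the hunt's results and grouping by `SHA256` with a count of distinct clients), which is the "post-process at scale" step the abstract refers to. The precondition keeps the collection from running on non-Windows clients in a mixed fleet.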