Velociraptor


Description

Velociraptor is an open source endpoint monitoring tool developed by Velocidex Enterprises. Velociraptor provides the next generation in endpoint visibility with a solid architecture, a library of customizable forensic artifacts and its own unique and flexible query language, all in a free and open source tool.

Purpose

Velociraptor is a powerful endpoint monitoring tool that includes the ability to execute many complex forensic actions (e.g. taking memory images, creating a filesystem timeline) from a single console. I highly recommend checking out their website to gain a more comprehensive understanding of this powerful tool’s capabilities: https://www.velocidex.com/

Configuration Details

  • The Velociraptor console is installed on Logger
  • The agent is installed on all 3 Windows hosts

Data Location

Velociraptor collects data locally to the filesystem.