Velociraptor is an open source endpoint monitoring tool developed by Velocidex Enterprises. Velociraptor provides the next generation in endpoint visibility with a solid architecture, a library of customizable forensic artifacts and its own unique and flexible query language, all in a free and open source tool.
Velociraptor is a powerful endpoint monitoring tool that includes the ability to execute many complex forensic actions (e.g. taking memory images, creating a filesystem timeline) from a single console. I highly recommend checking out their website to gain a more comprehensive understanding of this powerful tool’s capabilities: https://www.velocidex.com/
Velociraptor writes the data it collects to the local filesystem.