Mass Digital Forensics & Incident Response with Velociraptor
Offered By: John Hammond via YouTube
Course Description
Overview
Explore mass digital forensics and incident response techniques using Velociraptor in this comprehensive video tutorial. Learn about Velociraptor's Virtual File System (VFS), artifacts, and automation with VQL. Discover how to perform Sigma rule matching with Hayabusa and compare it to Chainsaw. Dive into parsing Hayabusa findings, creating process trees using PsList and Velociraptor Process Tracker, and investigating PSExec usage. Examine PowerShell artifacts, Bits Transfer artifacts, and techniques for hunting multiple compromised machines. Master parsing results using VQL to enhance your digital forensics and incident response capabilities.
Syllabus
Introduction
Velociraptor VFS
Artifacts & Automation w/ VQL
Sigma Rule matching w/ Hayabusa
Waiting on Hayabusa to finish scan.
How does Hayabusa compare to Chainsaw?
Parsing Hayabusa Findings
PsTree Attempt 1 w/PsList
PsTree Attempt 2 w/Velociraptor Process Tracker
Velociraptor Process Tracker
PSExec Change in v2.30 & How to look for the usage of PSExec
Why this is useful and example use case
PowerShell Artifacts
Bits Transfer Artifact
How to hunt for multiple compromised machines.
Parsing the Results using VQL
Demo Conclusion
Taught by
John Hammond