Starting with Velociraptor Incident Response

Offered By: DFIRScience via YouTube

Tags: Incident Response Courses, Cybersecurity Courses, Digital Forensics Courses, Threat Hunting Courses

Course Description

Overview

Learn how to set up and use Velociraptor IR, an open-source endpoint visibility tool for incident response and digital forensic triage. Explore client monitoring, threat hunting, and response tasks across networks. Set up a test environment to understand Velociraptor's layout and features, including adding and monitoring clients, conducting hunts, and utilizing the Artifact Exchange. Dive into the client management interface, virtual file system, data store structure, and various functionalities like quarantine host and VQL drilldown. Create hunts, configure artifacts, and use regular expressions for effective searches. Discover how to set up server and client monitors, work with notebooks, and manage host-specific options. Gain practical insights into Velociraptor IR's main features and find additional resources for further learning.

Syllabus

Velociraptor Incident Response
WARNING
Downloading Velociraptor IR
Verify Velociraptor IR binaries IMPORTANT
Download Velociraptor IR developer key
Setting binary run permissions in Linux
Velociraptor IR first run
Creating a client and server config
Client config file - set server local IP address
Copy client config to clients
Start the Velociraptor IR server GUI
Velociraptor IR interface first run
Start and enroll the Velociraptor IR client
Velociraptor IR search clients
Velociraptor IR add client labels
Velociraptor IR client management interface
Velociraptor IR client - Interrogate
Velociraptor IR client - Virtual File System (VFS)
Velociraptor IR client - Collected
A quick look at Velociraptor data store structure
Velociraptor IR client - Quarantine Host
Velociraptor IR client - Overview
Velociraptor IR client - VQL Drilldown
Velociraptor IR client - Shell
Left Menu Feature Tour
Hunts
Create a hunt
Select hunt artifacts
Velociraptor IR Artifact Exchange
Linux.Search.FileFinder
Configure artifact parameters
Regular expressions
Specify Resources
Review
Launch hunt
View hunt results
View/Edit Artifacts
Server Events
Create a new server monitor
Server Artifacts
Notebooks
Host Information
Host Specific Options
Host Monitoring
Create a new client monitor
Main Features Review
Where to find more resources
Thank you for your support!
Taught by

DFIRScience
