Velociraptor - Dig Deeper

Explore the capabilities of Velociraptor, a powerful DFIR tool for large-scale hunting, in this 32-minute conference talk from OSDFCon 2021. Discover how Velociraptor's VQL query language enables rapid adaptation to fluid DFIR intrusions, providing unprecedented reach, flexibility, and power to responders. Learn about the tool's ability to perform analysis directly on endpoints, allowing defenders to collect high-value, tactical information for effective response. Examine practical examples of Velociraptor's use in typical DFIR scenarios, including compromise assessment, widespread remediation, and rapid response. Follow the process of developing a detection idea, writing VQL to implement it, and hunting across a large network of 10,000+ hosts to identify compromised systems within minutes. Gain insights into elevating custom detections to real-time monitoring rules, enabling autonomous offline detection of future compromises. Presented by Dr. Mike Cohen, a seasoned expert in incident response and digital forensics with over 20 years of experience, this talk offers valuable knowledge for DFIR professionals seeking to enhance their toolkit and response capabilities.

Velociraptor: Dig Deeper with Mike Cohen [OSDFCon 2021]