Velociraptor is a sophisticated digital forensics and incident response tool designed to improve your insight into endpoint activities.
- Collect digital forensic data precisely and rapidly across multiple endpoints simultaneously.
- Persistently gather events from endpoints, including event logs, file changes, and process activities. Store these events centrally for an unlimited period, allowing for historical examination and analysis.
- Be proactive rather than reactive. Use a collection of forensic artifacts to actively hunt for suspicious activity, and tailor the search to your unique threat detection requirements.
The tool is available for free on GitHub.
More resources: