velociraptor
Digging Deeper....
Currently an artifact parameter when blanked after setting to a value passes the empty string to the artifact instead of the default value. Hunt Overview does not display this parameter...
The Windows.Remediation.Quarantine artifact assumes http or https URLs and does not figure out the correct server check URL to verify server connectivity. We need to update the artifact to work...
Can I use the parse_ntfs function to parse a standalone $MFT file? I'm participating in a CTF that gave me a single $MFT file that I need to analyze to...
While playing around with the VQL function [timestamp](https://docs.velociraptor.app/vql_reference/basic/timestamp/), I noticed that I was unable to affect the output using the parameter "timezone". Compare the results from + `SELECT timestamp(string="Thu Aug...
Add the following artifact for collecting Chrome download history: Note: I'm not familiar with the SQLiteHunter Artifact and this may need to be refactored to work with the SQLiteHunter velociraptor/artifacts/definitions/Windows/Application/Chrome/Downloads.yaml...
The LocalLogs client monitoring artifact seems to be written with Windows in mind, as its default LocalFilename is "%TEMP%/locallogs.log". This is fine, except when the artifact is executed on, say...
This is a feature request. There are instances where (due to many uncontrollable factors) an upload is interrupted. Normally for small file uploads, this is fine as we can...
We should be able to parse the output of `Windows.KapeFiles.Targets` directly into elastic in a format that Time Sketch understands. Currently people do this via moving the bulk data to...
I built and installed a client package using velociraptor-v0.72.4-linux-arm64, following the guidelines provided in the [Deploying Clients](https://docs.velociraptor.app/docs/deployment/clients/#linux) documentation during the installation. While working on the frontend, after removing the package...
It might be worth refactoring this artifact, as I noticed an issue in the SRUM artifact parsing a 2019 server. Looks like extraction is incomplete when comparing to SRUMDump tool....