velociraptor
Digging Deeper....
It would be a very useful feature to be able to mass import collections done via the offline collector. At the moment every ZIP archive has to be imported manually...
From the artifact [Windows.NTFS.MFT], we observed that the columns are set. I would like to include permission attributes of an MFT entry as well (You may refer to below screenshot...
When deploying Velociraptor into virtualized environments, and performing collections - there can be resource spikes. Is there or can there be some in-built template to flag endpoints checking in by...
Hello, Is there any way to customize the **Device** letter in Windows.KapeFiles.Targets? By default it should be "C:" letter but sometimes I faced several servers that use another letter (like D,...
Hi, I think it would be a great addition to the offline collector and vql plugins in general, that you could upload to Azure blob storage. The only way right...
We would like a VQL native EVTX carver. Scan logical disk using yara for file type headers. Extract bytes and use binary parser for parsing out records/part records. Windows.Carving.USN is...
Currently all the solutions acquiring memory on Linux are hacky and require external tools. But really on Linux memory acquisition is pretty simple - just copy /proc/kcore. We should be able...
During an evaluation of the Recyclebin artifact it was identified that this could be improved by incorporating an option to use the MFT parser to first identify $I files. When...
WBEM repository .JOB files
**summary:** `import_collection` does not import custom artifact data if you're importing into a server that doesn't have the custom artifact defined/created; instead, it treats the `Custom.My.Artifact.json` file as an upload....