-
Book Overview & Buying
-
Table Of Contents
-
Feedback & Rating

Digital Forensics and Incident Response
By :

Velociraptor is a feature-rich platform that can be leveraged for a wide range of digital forensics and incident response tasks. For the purposes of this discussion, the focus will be on using Velociraptor to access the remote system command line to return data along with running evidence collection binaries.
Velociraptor is a feature-rich tool with a wide range of capabilities. In this chapter, the focus will be on getting basic information about the endpoint, evidence acquisition through the command line, and finally, acquiring an evidence package for further analysis. This should be enough to at least gain some familiarity with Velociraptor. In later chapters, we will look at using Velociraptor for analysis and threat hunting.
One tool that is often overlooked when conducting an initial triage analysis is the Windows command line. From here, an analyst can examine running processes...
Change the font size
Change margin width
Change background colour