Play all

Introduction

Velociraptor VFS

Artifacts & Automation w/ VQL

Sigma Rule matching w/ Hayabusa

Waiting on Hayabusa to finish scan.

How does Hayabusa compare to Chainsaw?

Parsing Hayabusa Findings

PsTree Attempt 1 w/PsList

PsTree Attempt 2 w/Velociraptor Process Tracker

Velociraptor Process Tracker

PSExec Change in v2.30 & How to look for the usage of PSExec

Why this is useful and example use case'

PowerShell Artifacts

Bits Transfer Artifact

How to hunt for multiple compromised machines.

Parsing the Results using VQL

Demo Conclusion

Description:

Explore mass digital forensics and incident response techniques using Velociraptor in this comprehensive video tutorial. Learn about Velociraptor's Virtual File System (VFS), artifacts, and automation with VQL. Discover how to perform Sigma rule matching with Hayabusa and compare it to Chainsaw. Dive into parsing Hayabusa findings, creating process trees using PsList and Velociraptor Process Tracker, and investigating PSExec usage. Examine PowerShell artifacts, Bits Transfer artifacts, and techniques for hunting multiple compromised machines. Master parsing results using VQL to enhance your digital forensics and incident response capabilities.

Mass Digital Forensics & Incident Response with Velociraptor

John Hammond

Add to list

#Information Security (InfoSec) #Digital Forensics #Malware Analysis #Cybersecurity #Incident Response #Business #Strategic Management #Business Analysis #Process Analysis

0:00 / 0:00