
Starting with Velociraptor Incident Response

DFIRScience via YouTube

Overview

Learn how to set up and use Velociraptor IR, an open-source endpoint visibility tool for incident response and digital forensic triage. Explore client monitoring, threat hunting, and response tasks across networks. Set up a test environment to understand Velociraptor's layout and features, including adding and monitoring clients, conducting hunts, and utilizing the Artifact Exchange. Dive into the client management interface, virtual file system, data store structure, and various functionalities like quarantine host and VQL drilldown. Create hunts, configure artifacts, and use regular expressions for effective searches. Discover how to set up server and client monitors, work with notebooks, and manage host-specific options. Gain practical insights into Velociraptor IR's main features and find additional resources for further learning.

Syllabus

Velociraptor Incident Response
WARNING
Downloading Velociraptor IR
Verify Velociraptor IR binaries IMPORTANT
Download Velociraptor IR developer key
Setting binary run permissions in Linux
Velociraptor IR first run
Creating a client and server config
Client config file - set server local IP address
Copy client config to clients
Start the Velociraptor IR server GUI
Velociraptor IR interface first run
Start and enroll the Velociraptor IR client
Velociraptor IR search clients
Velociraptor IR add client labels
Velociraptor IR client management interface
Velociraptor IR client - Interrogate
Velociraptor IR client - Virtual File System VFS
Velociraptor IR client - Collected
A quick look at Velociraptor data store structure
Velociraptor IR client - Quarantine Host
Velociraptor IR client - Overview
Velociraptor IR client - VQL Drilldown
Velociraptor IR client - Shell
Left Menu Feature Tour
Hunts
Create a hunt
Select hunt artifacts
Velociraptor IR Artifact Exchange
Linux.Search.FileFinder
Configure artifact parameters
Regular expressions
Specify Resources
Review
Launch hunt
View hunt results
View/Edit Artifacts
Server Events
Create a new server monitor
Server Artifacts
Notebooks
Host Information
Host Specific Options
Host Monitoring
Create a new client monitor
Main Features Review
Where to find more resources
Thank you for your support!

Taught by

DFIRScience
