Starting with Velociraptor Incident Response

DFIRScience via YouTube

Overview

This course teaches how to utilize Velociraptor Incident Response (IR) for endpoint visibility, client monitoring, threat hunting, and digital forensic triage. By setting up Velociraptor IR in a test environment, you will learn to add, monitor, and hunt with clients. The course covers topics such as downloading and verifying Velociraptor IR, creating client-server configurations, conducting hunts, managing clients, and utilizing Velociraptor IR features like hunts, artifacts, server events, and client monitoring. The intended audience for this course includes digital forensics professionals, incident responders, cybersecurity analysts, and anyone interested in open-source endpoint visibility tools for IR and threat hunting.

Syllabus

Velociraptor Incident Response
WARNING
Downloading Velociraptor IR
Verify Velociraptor IR binaries IMPORTANT
Download Velociraptor IR developer key
Setting binary run permissions in Linux
Velociraptor IR first run
Creating a client and server config
Client config file - set server local IP address
Copy client config to clients
Start the Velociraptor IR server GUI
Velociraptor IR interface first run
Start and enroll the Velociraptor IR client
Velociraptor IR search clients
Velociraptor IR add client labels
Velociraptor IR client management interface
Velociraptor IR client - Interrogate
Velociraptor IR client - Virtual File System VFS
Velociraptor IR client - Collected
A quick look at Velociraptor data store structure
Velociraptor IR client - Quarantine Host
Velociraptor IR client - Overview
Velociraptor IR client - VQL Drilldown
Velociraptor IR client - Shell
Left Menu Feature Tour
Hunts
Create a hunt
Select hunt artifacts
Velociraptor IR Artifact Exchange
Linux.Search.FileFinder
Configure artifact parameters
Regular expressions
Specify Resources
Review
Launch hunt
View hunt results
View/Edit Artifacts
Server Events
Create a new server monitor
Server Artifacts
Notebooks
Host Information
Host Specific Options
Host Monitoring
Create a new client monitor
Main Features Review
Where to find more resources
Thank you for your support!

Taught by

DFIRScience
