Exploring Velociraptor - Open-source Digital Forensics and Incident Response Tool

In today's video we look at Velociraptor! We'll do a brief introduction to the platform, show you how to get your first agent installed, then cover deploying your own self-hosted server using Portainer and Docker, and finally use Nginx Proxy Manager to handle encryption for all of our incoming traffic.

Crafted by experts in Digital Forensics and Incident Response (DFIR), it serves those seeking a robust tool for artifact hunting and activity monitoring across numerous endpoints. With Velociraptor, users gain enhanced capabilities to tackle various challenges in digital forensics, cyber incident response, and data breach investigations.

Some features:

⌚ Piece together the sequence of an attacker’s actions using digital forensic techniques.
⌚ Search for traces of advanced threat actors.
⌚ Examine malware incidents and other unusual network behaviors.
⌚ Continuously oversee user actions for signs of suspicious activities, like copying files to USB devices.
⌚ Determine if confidential information has been disclosed beyond the network.
⌚ Collect data from endpoints over time to aid in threat detection and subsequent investigations.

There is so much more that this application can do than I cover here. Please use the resources below to become familiar with this extremely helpful tool.

Chapters:
0:00 - Intro
0:55 - GUI
1:50 - Configuring a client
3:10 - Installing client on Windows
3:50 - Working with clients
4:40 - Setting up your own server
6:12 - Deploying the stack with Portainer
9:25 - Configuring the server's config file
14:00 - Configuring Nginx Proxy Manager
16:15 - Additional resources on the Velociraptor official site

Resources: