Velociraptor Velocidex

Use this command to install Velociraptor:
winget install --id=Velocidex.Velociraptor -e

Velociraptor is a tool for collecting host-based state information using Velociraptor Query Language (VQL) queries.

Velociraptor is a powerful tool designed for collecting host-based state information using Velociraptor Query Language (VQL) queries. It serves as an advanced digital forensic and incident response solution, enabling users to enhance their visibility into endpoints.

Key Features:

  • Targeted collection of digital forensic evidence across multiple endpoints simultaneously.
  • Continuous monitoring of endpoint events, including event logs, file modifications, and process executions.
  • Centralized storage of collected data for historical review and analysis.
  • Threat hunting capabilities with a library of forensic artifacts and the ability to customize queries to specific needs.

Audience & Benefit: Ideal for IT professionals, security teams, and incident responders who require efficient collection of forensic data, real-time monitoring, and proactive threat detection. Velociraptor empowers users to act swiftly in identifying and mitigating security threats while maintaining a scalable and cost-effective solution.

Velociraptor can be installed via winget.

Versions
0.65.3
0.63.0
0.62.2
0.61.4
0.60.3
0.7.1
0.7.0
0.6.9