DFIR with Dinosaurs: Unearthing Artifacts and Host Hunting with Velociraptor
OVERVIEW
This presentation will discuss how security teams can perform multi-platform host-based artifact collection, processing, and hunting using Velociraptor, a completely free and open-source tool. Designed to be simple yet powerful, Velociraptor lets security practitioners quickly build their own detections and gain context around events, whether during an investigation or as part of routine endpoint monitoring. Attendees should leave the presentation with a general understanding of how to start using Velociraptor in their own environment to strengthen their enterprise security monitoring and incident response strategy.