Mass Digital Forensics & Incident Response with Velociraptor

This is the 1st video of 2 separate videos -- in the next video, Matt will showcase hunting malware with Velociraptor! MASSIVE thank you to Mike Cohen and Matt Green for joining me for this video!   / scudette   ||   / mgreen27  

Thanks to @iamkingsage8571 for contributing timestamps!

00:00 Introduction
01:08 Velociraptor VFS
04:05 Artifacts & Automation w/ VQL
06:16 Sigma Rule matching w/ Hayabusa
07:20 Waiting on Hayabusa to finish scan.
09:20 How does Hayabusa compare to Chainsaw?
10:40 Parsing Hayabusa Findings
13:40 PsTree Attempt 1 w/PsList
17:55 PsTree Attempt 2 w/Velociraptor Process Tracker
19:50 Velociraptor Process Tracker
22:35 PSExec Change in v2.30 & How to look for the usage of PSExec
25:25 Why this is useful and example use case'
26:10 PowerShell Artifacts
27:30 Bits Transfer Artifact
28:50 How to hunt for multiple compromised machines.
30:40 Parsing the Results using VQL
33:20 Demo Conclusion

🔥 YOUTUBE ALGORITHM ➡ Like, Comment, & Subscribe!
🙏 SUPPORT THE CHANNEL ➡ https://jh.live/patreon
🤝 SPONSOR THE CHANNEL ➡ https://jh.live/sponsor
🌎 FOLLOW ME EVERYWHERE ➡ https://jh.live/discord ↔ https://jh.live/twitter ↔ https://jh.live/linkedin ↔ https://jh.live/instagram ↔ https://jh.live/tiktok
💥 SEND ME MALWARE ➡ https://jh.live/malware