Hunting Malware with Velociraptor (YARA & Memory Forensics)

John Hammond

21 min, 19 sec

A detailed walkthrough of Velociraptor's forensic capabilities, showcasing file analysis, memory inspection, artifact collection, and live response at scale.

Summary

  • Demonstrates how Velociraptor derives machine information from file names and conducts investigations across multiple machines.
  • Highlights the tool's ability to operate at scale and to perform deep forensics on individual machines in real time, bypassing traditionally time-consuming forensic processes.
  • Shows the use of Velociraptor for hunting with YARA rules, drilling into specific machines, and analyzing artifacts and memory.
  • Presents advanced Velociraptor features such as memory analysis, process inspection, and real-time data carving for malware investigation.
  • Provides a comprehensive overview of Velociraptor's features and capabilities, along with the resources and community support available to those interested in using the tool.

Chapter 1

Introduction to Velociraptor and At-Scale Capabilities

0:00 - 1 min, 23 sec

Introducing Velociraptor's forensic capabilities and discussing its at-scale hunting and live, deep forensics abilities.

  • Explains how the hostname embedded in collected file names identifies the source machine.
  • Describes how Velociraptor can be used for forensics across many machines and for focused investigations on a single machine.
  • Emphasizes Velociraptor's speed and efficiency advantage over traditional forensic tools like Volatility.

Chapter 2

YARA Hunting and Artifact Analysis

1:23 - 2 min, 0 sec

Showcasing how to use Velociraptor for YARA hunting and artifact analysis.

  • Runs a YARA hunt to demonstrate how Velociraptor can search across multiple machines using YARA rules.
  • Discusses the available artifacts and how Velociraptor can access most endpoint data, such as processes and files.
  • Details how to use YARA for process analysis, with a practical example using malware installed in the demo environment.

Chapter 3

Deep Dive Into Advanced Forensics

3:23 - 4 min, 42 sec

A deep dive into performing advanced forensic tasks using Velociraptor, including memory analysis and data carving.

  • Discusses memory acquisition and analysis capabilities, including pulling DLLs and analyzing virtual address descriptors (VADs).
  • Shows how to conduct targeted memory analysis to search for specific conditions, such as injected .NET assemblies.
  • Demonstrates the power of Velociraptor's live analysis and the ability to query individual memory sections.

Chapter 4

Real-Time Carving and Data Extraction

8:05 - 4 min, 5 sec

Demonstrating real-time data carving and extraction with Velociraptor for malware analysis.

  • Uses Velociraptor to carve data from memory, highlighting its ability to perform remote, at-scale reverse engineering.
  • Shows the decoding of strings from malware in memory and references a blog post for more information.
  • Presents how to refine searches for malware analysis using advanced Velociraptor queries.

Chapter 5

Case Studies in Malware Analysis

12:09 - 4 min, 6 sec

Illustrating how Velociraptor can be used in practical case studies for malware analysis.

  • Details an example of analyzing a malicious JavaScript payload and the PowerShell commands it subsequently executed.
  • Discusses the use of Velociraptor to enrich artifacts with process chain information for in-depth analysis.
  • Highlights the ability to monitor and reverse engineer malware execution in real time.

Chapter 6

Advanced Hunting and Analysis Techniques

16:15 - 4 min, 2 sec

Exploring advanced hunting and analysis techniques with Velociraptor, including file scanning and config decoding.

  • Explains the use of YARA to scan for malicious files on disk and how Velociraptor processes the results.
  • Shows how to decode and analyze Cobalt Strike configurations using Velociraptor's capabilities.
  • Demonstrates the process of normalizing and parsing complex malware data for forensic analysis.

Chapter 7

Community Engagement and Training Opportunities

20:17 - 1 min, 1 sec

Discussing the Velociraptor community and upcoming training opportunities.

  • Highlights the supportive Velociraptor community on Discord and GitHub, emphasizing the inclusive environment for learning and sharing.
  • Mentions the upcoming Black Hat training for a comprehensive learning experience.
  • Encourages participation in the community for those interested in further exploring Velociraptor's forensic capabilities.