Velociraptor was developed by DFIR professionals who needed a powerful and efficient way to hunt for specific artifacts and monitor activity across a fleet of endpoints. It lets you respond more effectively to a wide range of digital forensic and incident response investigations and data breaches.

Velociraptor is unusual in that a single executable can act as either the server or the client, and it runs on Windows, Linux, and macOS. Velociraptor is also compatible with cloud file systems such as Amazon EFS and Google Filestore for its datastore.

On Windows we can run "velociraptor.exe gui" to launch an instant, self-contained Velociraptor (server and client in one process) for a quick look at the GUI.

Commands:

#start the Velociraptor server (Ubuntu server); -v enables verbose logging
cd velociraptor
./velociraptor-v0.5.8-linux-amd64 --config server.config.yaml frontend -v
#start a Windows client from CMD (run as Administrator)
#the client config is the one derived from the server config; never copy
#server.config.yaml to an endpoint, since it holds the server's private keys
cd "C:\Program Files\Velociraptor"
velociraptor-v0.5.8-windows-amd64.exe --config velociraptor.config.yaml client -v
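As an added example (not code from the original page or from the Velociraptor project), the script below wraps the server-side steps above into one POSIX sh script and adds the check a practitioner wants before copying the client config to Windows endpoints: the default generated client config points at https://localhost:8000/, which a remote endpoint can never reach. The binary path, the config file names, and the use of the "user add ... --role administrator" flag are assumptions (the --role flag depends on the Velociraptor version); the YAML it parses is whatever the server generated.

```shell
#!/bin/sh
# Added example, not the project's own code. Brings up a Velociraptor
# frontend on Linux and checks the client config before it is deployed.
# Paths below are assumptions; override them via environment variables.
set -eu

VR_BIN="${VR_BIN:-./velociraptor-v0.5.8-linux-amd64}"  # assumed binary path
SERVER_CFG="${SERVER_CFG:-server.config.yaml}"
CLIENT_CFG="${CLIENT_CFG:-client.config.yaml}"

# Print the Client.server_urls entries of a client config, one per line.
# Only the "Client:" block is scanned so a Frontend hostname does not leak in.
client_server_urls() {
    awk '
        /^Client:/                       { in_client = 1; next }
        in_client && /^[^ ]/             { in_client = 0 }
        in_client && /server_urls:/      { in_urls = 1; next }
        in_client && in_urls && /^ *- /  { sub(/^ *- */, ""); gsub(/"/, ""); print; next }
        in_client && in_urls && !/^ *- / { in_urls = 0 }
    ' "$1"
}

# Return 0 if the config has at least one server URL and none of them is a
# loopback address; return 1 otherwise (the default generated config fails).
check_client_urls() {
    urls=$(client_server_urls "$1")
    [ -n "$urls" ] || return 1
    echo "$urls" | grep -Eq 'localhost|127\.0\.0\.1' && return 1
    return 0
}

# Generate configs, create the first GUI user, verify the client config and
# start the frontend in the foreground. Run as the datastore owner, not root.
deploy_server() {
    [ -x "$VR_BIN" ] || { echo "binary $VR_BIN not found" >&2; return 1; }
    if [ ! -f "$SERVER_CFG" ]; then
        # Non-interactive generation writes a default config to stdout.
        "$VR_BIN" config generate > "$SERVER_CFG"
    fi
    # Derive the client config (no server private keys) from the server config.
    "$VR_BIN" --config "$SERVER_CFG" config client > "$CLIENT_CFG"
    # First GUI login; prompts for a password. --role is an assumption that
    # depends on the Velociraptor version in use.
    "$VR_BIN" --config "$SERVER_CFG" user add admin --role administrator
    check_client_urls "$CLIENT_CFG" || \
        echo "WARNING: $CLIENT_CFG points at a loopback address; remote clients will never connect" >&2
    exec "$VR_BIN" --config "$SERVER_CFG" frontend -v
}

# Only deploy when explicitly asked, so the functions can be sourced safely.
if [ "${1:-}" = "deploy" ]; then
    deploy_server
fi
```

Fix the warning by regenerating with "config generate -i" and giving the frontend its real hostname, or by editing Client.server_urls before the config is copied to the Windows directory used above.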

Velociraptor GUI


Overview

The Overview tab shows additional information about the selected client.


VQL Drilldown

Details about: