This is the next point release for Velociraptor: 0.3.4
This release introduces many bug fixes and performance improvements. The main feature in this release is the porting of the KapeFiles repository into a single artifact. The KapeFiles rules are geared toward forensic file collection for triage. The Velociraptor artifact also implements VSS deduplication, retrieving all relevant versions of the collected files.
This release also includes a number of interesting artifacts:
- I30 scanning for recovering potentially deleted files.
- Autoruns artifact - this artifact uses Sysinternals Autoruns to find potentially malicious programs. It is an excellent example of how third-party tools can be integrated with Velociraptor.
- Kerberoasting collection - determines if a weak golden ticket is issued.
As always, file issues on the bug tracker or ask your questions on our mailing list: velociraptor-discuss@googlegroups.com