github Velocidex/velociraptor v0.3.7
Release 0.3.7

4 years ago

This is the next point release of Velociraptor. This release introduces a large number of new forensic artifacts, parsers and other features, as well as bug fixes and performance enhancements. Thanks everyone for reporting issues through the issue board and Discord!

New features

  • Process analysis plugins: VAD, Handles, Mutants, DLLList, Windows Object tree
  • Parser for ESE files - this allows us to process artifacts like the SRUM database and Internet Explorer history files.
  • Added JSONL as an optional output - This works well with tools like jq and logstash.
  • Added a GUI "prepare download" feature for hunts (previously this was only available for individual collections)
  • Added VQL trace feature to help people debug VQL queries.

Bugfixes

  • Fixed memory leak with watch_evtx() based queries.
  • Fixed a bug in the hunt manager that would sometimes schedule a hunt on clients twice.
  • GUI was not including all data in the download bundle.

As always, file issues on the bug tracker or ask questions on our mailing list, velociraptor-discuss@googlegroups.com. You can also chat with us directly on Discord: https://www.velocidex.com/discord
