This is the next point release for Velociraptor - Digging deeper! This release introduces a number of new features as well as bug fixes and performance enhancements. Thanks everyone for reporting issues through the issue board and Discord!
This release includes many bug fixes and performance improvements, as well as new features:
- NTFS parser can now efficiently collect sparse files like the USN journal.
- Notebooks can be exported to zip files.
- Added Windows.Search.VSS to enable live hunting of the VSS
- Added the ability to load artifact packs - efficiently load a zip file containing many artifacts.
- Call yara's ScanFile() API when accessor is not specified - this allows yara to mmap the files for faster scanning.
- Artifact collector can now produce a HTML report.
- Velociraptor now supports third party tools directly in the artifact definition.
As always please file issues on the bug tracker or ask questions on our mailing list velociraptor-discuss@googlegroups.com . You can also chat with us directly on discord https://www.velocidex.com/discord