This is the next point release for Velociraptor - Digging deeper!
This change addresses a number of bug fixes and new features:
- Artifact preconditions are now supported by clients natively (Fixes #930 )
- Added column_filter() plugin to be able to remove columns from
SELECT * FROMexpressions - Added a process accessor which allows directly operating on process memory (e.g. yara scan, upload etc).
- Added Windows.Forensics.ProcessInfo to extract process information from the process PEB
As always please file issues on the Github bug tracker or ask questions on our mailing list velociraptor-discuss@googlegroups.com . You can also chat with us directly on discord https://www.velocidex.com/discord