Participants will learn how to set up and use Velociraptor, a powerful new open-source tool for network-based surgical forensic evidence collection and analysis, by walking through a series of real-life investigation scenarios including analysing program execution, searching for evidence of lateral movement, hunting for attacker IOCs and performing continuous security monitoring.
Please note: This is a hands-on technical lab, and all attendees should bring their own Windows 10 laptop to fully participate.
1: Learn how to deploy Velociraptor for network-based surgical forensic evidence collection and analysis.
2: Understand how to perform distributed evidence collection.
3: Create your own artifact hunts.