
@scudette scudette released this Nov 12, 2019 · 28 commits to master since this release

This is the next point release of Velociraptor. This release introduces a number of large changes in the API and data store representation. It is possible that previous data will not be readable by the newer binary. Please make sure to backup your data store if you want to keep it through the upgrade process.

  • Added a JavaScript interpreter within VQL
  • Major refactor of client/server comms protocols. The new protocol is more efficient for larger uploads.
  • Implemented active client side cancellation. When a flow is stopped it will immediately cancel all running queries on the client. This is especially useful if you find you do not need the artifact collected any more.
  • velociraptor config repack can now repack external binaries.
  • EVTX parser will now include the event message by extracting it from the message DLLs. The message will be expanded with the EventData parameters on the endpoint to provide a more complete picture of event logs on Windows.
  • Added the parse_mft() plugin to parse and export all the filenames in the MFT. This can be used in conjunction with the Windows.NTFS.Recover artifact to potentially recover deleted files.
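
Added example, not part of the release notes or the project's own artifacts: a VQL query that uses the new parse_mft() plugin to list MFT records that are no longer in use, i.e. deleted files whose entry numbers can then be handed to Windows.NTFS.Recover. The `ntfs` accessor and the column names EntryNumber, InUse, IsDir, FullPath, FileSize and Created0x10 are assumed from the plugin's output.

```vql
-- Added example (assumptions: the ntfs accessor and the listed column names).
-- Walk the raw $MFT of the C: volume and keep only records whose InUse flag
-- is clear, which marks entries for files that have been deleted.
SELECT EntryNumber, FullPath, FileSize, Created0x10
FROM parse_mft(filename="C:/$MFT", accessor="ntfs")
WHERE NOT InUse AND NOT IsDir
ORDER BY Created0x10 DESC
LIMIT 50
```

The EntryNumber of an interesting row is the value to supply to Windows.NTFS.Recover when attempting to carve the file's data back out of the volume.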

As always, file issues on the bug tracker or ask questions on our mailing list velociraptor-discuss@googlegroups.com. You can also chat with us directly on Discord: https://www.velocidex.com/discord
