
Release 0.5.5

@scudette scudette released this 19 Jan 09:35
· 1577 commits to master since this release
527b8e9

This is the next point release for Velociraptor - Digging deeper!

This change introduces some significant improvements, new features and bug fixes. Some notable changes include:

  • A new binary parser is now available in VQL. This allows powerful parsers to be implemented directly inside your query.
  • The offline collector now stores into a multithreaded ZIP writer. This speeds up collection on multi-core machines because multiple cores can compress at the same time.
  • Performance optimization for the VQL engine: lazier evaluation in more places.
  • Fixed bugs in the NTFS parser cache that were causing failures in some queries.
  • Disabled MySQL as a filestore. The MySQL backend proved to have lower performance than plain disk storage and had stability issues, so we are temporarily withdrawing this option until we can work on it more.
  • Server-side event queues now implement file-backed overflow, which makes them more scalable and faster.

This release also includes a number of interesting new artifacts:

  • Splunk upload artifacts matching the previous Elastic-based ones
  • A Certutils metadata parser using the new binary parser framework
  • An Lnk file parser using the new binary parser in VQL
  • The Hive interfacing artifacts

As always, please file issues on the GitHub bug tracker or ask questions on our mailing list, velociraptor-discuss@googlegroups.com. You can also chat with us directly on Discord: https://www.velocidex.com/discord

PS: We have a couple of training courses coming up in the next couple of months. Consider those if you want to be able to use Velociraptor like a pro! https://www.velocidex.com/training/

Known issues

  • If you intend to use the API, please use a CI build later than #879, as there is a known issue with API connections.