Faster DFIR Outcomes utilising Velociraptor [EMEA]

Presented by

Michael Cohen, Digital Paleontologist at Rapid7

About this talk

You have likely heard of Velociraptor - the leading open source DFIR platform! Velociraptor provides unprecedented deep visibility into the endpoint with an impressive number of built-in and community-contributed analysis modules. With all the capabilities that Velociraptor comes with, it can be hard to know exactly which artifact to collect when responding to any one situation. This can be even harder when the clock is ticking while containing an incident! In this real-world, practical walk-through of Velociraptor, Mike Cohen, the main developer of Velociraptor, will work through a typical DFIR investigation: detecting and containing an attacker who gains a foothold on a network. We will examine techniques for hunting at scale for the attacker to identify their foothold and reconstruct the event timeline. We then detect attacker persistence to prevent re-infection. Finally, we remediate the network by removing the adversary's access. Join us to gain a practical understanding of the core capabilities of Velociraptor, and how it can be leveraged to quickly identify and contain attackers.
Rapid7 is creating a more secure digital future for all by helping organizations strengthen their security programs in the face of accelerating digital transformation. Our portfolio of best-in-class solutions empowers security professionals to manage risk and eliminate threats across the entire threat landscape, from apps to the cloud to traditional infrastructure to the dark web. We foster open source communities and cutting-edge research, using these insights to optimize our products and arm the global security community with the latest in attackers' methods. Trusted by more than 10,000 customers worldwide, our industry-leading solutions and services help businesses stay ahead of attackers, ahead of the competition, and future-ready for what's next.