Pretty cool/convenient #velociraptor 🦖 feature I didn't know about: offline collection.

Allows you to collect artifacts from "air-gapped" systems, or simply systems with no connectivity to your Velociraptor server.

  • from the backend, select the artifacts you want to collect and create the collection binary
  • run the binary on the subject device --> it collects the artifacts and puts them in a ZIP
  • get the ZIP back to the analysis machine and import the artifacts into the Velociraptor backend
  • https://docs.velociraptor.app/docs/deployment/offline_collections/

#dfir