Commit

Added Velociraptor Past, Present and Future talk (#38)
scudette authored Feb 18, 2025
1 parent add2674 commit 1c5726a
Showing 19 changed files with 2,190 additions and 9 deletions.
1 change: 1 addition & 0 deletions .wordlist.txt
Expand Up @@ -235,3 +235,4 @@ DF
TLS
VPN
---------------------------------------------------------
Scalable
11 changes: 11 additions & 0 deletions css/velo.css
Expand Up @@ -78,6 +78,17 @@ section.content.optional {
font-size: 2ex;
}


div.hilight h3 {
color: var(--subtitle-color);
text-shadow: 5px 5px 5px var(--subtitle-shadow);
margin-top: 20px;
text-align: left;
width: 100%;
font-size: 2ex;
}


.title .inset {
border-left: solid;
border-width: 5px;
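Review bot: The selector `div.hilight h3` depends on the spelling `hilight`, so check that the slide markup uses exactly that class name; a `highlight` class in the HTML would silently fail to match and the heading would fall back to the default style. The rule also repeats `font-size: 2ex` from the rule that closes just above it and mixes fixed `px` values (`5px 5px 5px`, `20px`) with an `ex`-based size, so a shared declaration or consistent units would be easier to maintain.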
11 changes: 11 additions & 0 deletions docs/css/velo.css
Expand Up @@ -78,6 +78,17 @@ section.content.optional {
font-size: 2ex;
}


div.hilight h3 {
color: var(--subtitle-color);
text-shadow: 5px 5px 5px var(--subtitle-shadow);
margin-top: 20px;
text-align: left;
width: 100%;
font-size: 2ex;
}


.title .inset {
border-left: solid;
border-width: 5px;
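Review bot: This rule is identical to the one added to `css/velo.css` in the same commit, so the stylesheet now has to be edited in two places. If `docs/css/velo.css` is a published copy of `css/velo.css`, copy it during the build or add a check that the two files match, so that they cannot drift apart.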
223 changes: 222 additions & 1 deletion docs/index.html
Expand Up @@ -6907,6 +6907,227 @@ <h1 class="display-5 fw-bold text-body-emphasis">

</li>

</ul>

</li>

<li class="toc_close fs-2">
<span onClick="toggleLeaf(this)">
<i class="fa fa-sm category-icon fa-angle-right"></i>
</span>
<a href="./presentations/velociraptor_past_future/index.html">
Velociraptor: Past, Present and Future
</a>
<a class="btn btn-link print-link" role="button"
href="./presentations/velociraptor_past_future/index.html?print-pdf">
<i class="fa fa-sm fa-print"></i>
</a>

<ul>

<li class="toc_close fs-3">
<span onClick="toggleLeaf(this)">
<i class="fa fa-sm category-icon fa-angle-right"></i>
</span>
<a href="./presentations/velociraptor_past_future/past_future.html">
Velociraptor: Past, Present and Future
</a>

<ul>

<li class="fs-4">
<i class="fa fa-sm category-icon fa-chalkboard"></i>
<a href="./presentations/velociraptor_past_future/past_future.html#/0" >
DFIR in an evolving world.
</a>
</li>

<li class="fs-4">
<i class="fa fa-sm category-icon fa-chalkboard"></i>
<a href="./presentations/velociraptor_past_future/past_future.html#/1" >
Digital Forensics
</a>
</li>

<li class="fs-4">
<i class="fa fa-sm category-icon fa-chalkboard"></i>
<a href="./presentations/velociraptor_past_future/past_future.html#/3" >
Enterprise Forensics
</a>
</li>

<li class="fs-4">
<i class="fa fa-sm category-icon fa-chalkboard"></i>
<a href="./presentations/velociraptor_past_future/past_future.html#/5" >
Challenges in Enterprise Forensics
</a>
</li>

<li class="fs-4">
<i class="fa fa-sm category-icon fa-chalkboard"></i>
<a href="./presentations/velociraptor_past_future/past_future.html#/6" >
Time is of the essence!
</a>
</li>

<li class="fs-4">
<i class="fa fa-sm category-icon fa-chalkboard"></i>
<a href="./presentations/velociraptor_past_future/past_future.html#/7" >
Focus on answering questions
</a>
</li>

<li class="fs-4">
<i class="fa fa-sm category-icon fa-chalkboard"></i>
<a href="./presentations/velociraptor_past_future/past_future.html#/8" >
Velociraptor is born!
</a>
</li>

<li class="fs-4">
<i class="fa fa-sm category-icon fa-chalkboard"></i>
<a href="./presentations/velociraptor_past_future/past_future.html#/9" >
Architecture
</a>
</li>

<li class="fs-4">
<i class="fa fa-sm category-icon fa-chalkboard"></i>
<a href="./presentations/velociraptor_past_future/past_future.html#/10" >
Scalable, fast, accurate
</a>
</li>

<li class="fs-4">
<i class="fa fa-sm category-icon fa-chalkboard"></i>
<a href="./presentations/velociraptor_past_future/past_future.html#/11" >
Interactively investigate clients
</a>
</li>

<li class="fs-4">
<i class="fa fa-sm category-icon fa-chalkboard"></i>
<a href="./presentations/velociraptor_past_future/past_future.html#/12" >
Velociraptor Artifacts
</a>
</li>

<li class="fs-4">
<i class="fa fa-sm category-icon fa-chalkboard"></i>
<a href="./presentations/velociraptor_past_future/past_future.html#/13" >
Hunts - Collecting at scale
</a>
</li>

<li class="fs-4">
<i class="fa fa-sm category-icon fa-chalkboard"></i>
<a href="./presentations/velociraptor_past_future/past_future.html#/14" >
Postprocessing using Notebooks
</a>
</li>

<li class="fs-4">
<i class="fa fa-sm category-icon fa-chalkboard"></i>
<a href="./presentations/velociraptor_past_future/past_future.html#/15" >
Improving Scale and Speed
</a>
</li>

<li class="fs-4">
<i class="fa fa-sm category-icon fa-chalkboard"></i>
<a href="./presentations/velociraptor_past_future/past_future.html#/16" >
Triaging Using Sigma
</a>
</li>

<li class="fs-4">
<i class="fa fa-sm category-icon fa-chalkboard"></i>
<a href="./presentations/velociraptor_past_future/past_future.html#/17" >
Collecting the sigma artifact
</a>
</li>

<li class="fs-4">
<i class="fa fa-sm category-icon fa-chalkboard"></i>
<a href="./presentations/velociraptor_past_future/past_future.html#/18" >
Triaging an endpoint
</a>
</li>

<li class="fs-4">
<i class="fa fa-sm category-icon fa-chalkboard"></i>
<a href="./presentations/velociraptor_past_future/past_future.html#/19" >
Stacking rules by title
</a>
</li>

<li class="fs-4">
<i class="fa fa-sm category-icon fa-chalkboard"></i>
<a href="./presentations/velociraptor_past_future/past_future.html#/20" >
Viewing the stacking stats
</a>
</li>

<li class="fs-4">
<i class="fa fa-sm category-icon fa-chalkboard"></i>
<a href="./presentations/velociraptor_past_future/past_future.html#/21" >
Viewing common rows
</a>
</li>

<li class="fs-4">
<i class="fa fa-sm category-icon fa-chalkboard"></i>
<a href="./presentations/velociraptor_past_future/past_future.html#/22" >
The future:
</a>
</li>

<li class="fs-4">
<i class="fa fa-sm category-icon fa-chalkboard"></i>
<a href="./presentations/velociraptor_past_future/past_future.html#/23" >
If we rely on Digital Forensics, we have already lost!
</a>
</li>

<li class="fs-4">
<i class="fa fa-sm category-icon fa-chalkboard"></i>
<a href="./presentations/velociraptor_past_future/past_future.html#/24" >
What if we could prepare for forensics?
</a>
</li>

<li class="fs-4">
<i class="fa fa-sm category-icon fa-chalkboard"></i>
<a href="./presentations/velociraptor_past_future/past_future.html#/25" >
Forensic Readiness
</a>
</li>

<li class="fs-4">
<i class="fa fa-sm category-icon fa-chalkboard"></i>
<a href="./presentations/velociraptor_past_future/past_future.html#/26" >
What can we do with Velociraptor?
</a>
</li>

<li class="fs-4">
<i class="fa fa-sm category-icon fa-chalkboard"></i>
<a href="./presentations/velociraptor_past_future/past_future.html#/28" >
Real Time Sigma alerting
</a>
</li>

<li class="fs-4">
<i class="fa fa-sm category-icon fa-chalkboard"></i>
<a href="./presentations/velociraptor_past_future/past_future.html#/29" >
Conclusions
</a>
</li>

</ul>

</li>

</ul>

</li>
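Review bot: The slide anchors in the new table of contents skip `#/2`, `#/4` and `#/27` (the list goes from `#/1` to `#/3`, from `#/3` to `#/5`, and from `#/26` to `#/28`), so confirm those slides are intentionally untitled rather than dropped when the list was generated. The print link at the top of the entry contains only `<i class="fa fa-sm fa-print"></i>`, which leaves it without text for screen readers; an `aria-label` on the `<a>` would fix that. The `onClick="toggleLeaf(this)"` handlers are inline attributes on `<span>` elements, which are not keyboard-focusable and would be blocked by a Content-Security-Policy that disallows inline script.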
Expand All @@ -6919,7 +7140,7 @@ <h1 class="display-5 fw-bold text-body-emphasis">
<a class="text-reset fw-bold" href="https://rapid7.com/">Rapid7 Inc</a>
</div>
<div class="me-4 text-reset">
Built on 2024-10-18T15:59:05Z
Built on 2025-02-18T13:01:33Z
</div>
</section>
</footer>
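Review bot: The only change in this hunk is the `Built on` timestamp, which means every regeneration of `docs/index.html` produces a diff even when no content has changed. If the timestamp has to stay in the footer, consider deriving it from the commit date so that rebuilding the same source gives byte-identical output and review diffs show only real changes.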
4 changes: 2 additions & 2 deletions docs/presentations/dfrws_apac_2024/artifact.yaml
Expand Up @@ -100,8 +100,8 @@ sources:
## How do you execute 400 search warrants simultaneously?
* A large scale co-ordinated operation poses a lot of challenges!
* We dont have hundreds of DF experts! 👮
* A large scale coordinated operation poses a lot of challenges!
* We don't have hundreds of DF experts! 👮
* We can not take images of absolutely everything (Even in 2004!)
* We can not seize every device. 🖥️ 💻📵
* 72 hours to determine relevance!
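Review bot: The two lines directly below the fix still read `We can not take images` and `We can not seize every device`; since this change is a spelling pass over the list, `cannot` would be consistent there. `A large scale coordinated operation` would also normally take a hyphen (`large-scale`) when used as a modifier.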
4 changes: 2 additions & 2 deletions docs/presentations/dfrws_apac_2024/index.html
Expand Up @@ -137,8 +137,8 @@ <h1 style="font-size: 4ex">Digital Forensics is dead! </h1>

## How do you execute 400 search warrants simultaneously?

* A large scale co-ordinated operation poses a lot of challenges!
* We dont have hundreds of DF experts! 👮
* A large scale coordinated operation poses a lot of challenges!
* We don't have hundreds of DF experts! 👮
* We can not take images of absolutely everything (Even in 2004!)
* We can not seize every device. 🖥️ 💻📵
* 72 hours to determine relevance!
4 changes: 2 additions & 2 deletions docs/presentations/dfrws_apac_2024/memory_lane.html
Expand Up @@ -117,8 +117,8 @@

## How do you execute 400 search warrants simultaneously?

* A large scale co-ordinated operation poses a lot of challenges!
* We dont have hundreds of DF experts! 👮
* A large scale coordinated operation poses a lot of challenges!
* We don't have hundreds of DF experts! 👮
* We can not take images of absolutely everything (Even in 2004!)
* We can not seize every device. 🖥️ 💻📵
* 72 hours to determine relevance!
4 changes: 2 additions & 2 deletions docs/presentations/dfrws_apac_2024/memory_lane.md
Expand Up @@ -85,8 +85,8 @@

## How do you execute 400 search warrants simultaneously?

* A large scale co-ordinated operation poses a lot of challenges!
* We dont have hundreds of DF experts! 👮
* A large scale coordinated operation poses a lot of challenges!
* We don't have hundreds of DF experts! 👮
* We can not take images of absolutely everything (Even in 2004!)
* We can not seize every device. 🖥️ 💻📵
* 72 hours to determine relevance!
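Review bot: This spelling fix is applied by hand to four copies of the same slide text (`artifact.yaml`, `index.html`, `memory_lane.html` and this `memory_lane.md`), so a later edit that misses one copy will leave them out of sync. If the `.yaml` and `.html` files are generated from the markdown, say so in the commit message or regenerate them in the build instead of committing parallel edits.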