Skip to content

Release 0.3.7
Compare
Choose a tag to compare
@scudette scudette released this 07 Dec 04:07
· 2324 commits to master since this release
v0.3.7
ff4d5f7
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.

This is the next point release of Velociraptor. This release introduces a large number of new forensic artifacts, parsers and other features as well bugfixes and performance enhancements. Thanks everyone for reporting issues through the issue board and Discord!

New features

  • Process analysis plugins: VAD, Handles, Mutants, DLLList, Windows Object tree
  • Parser for ESE files - this allows us to process artifacts like the SRUM database and Internet Explorer history files.
  • Added JSONL as an optional output - This works well with tools like jq and logstash.
  • Added GUI prepare download features for hunts (previously this was only available for individual collections)
  • Added VQL trace feature to help people debug VQL queries.

Bugfixes

  • Fixed memory leak with watch_evtx() based queries.
  • Fixed bug in hunt manager which sometimes would schedule hunt on clients twice.
  • GUI was not including all data in the download bundle.

As always file issues on the bug tracker or ask questions on our mailing list [email protected] . You can also chat with us directly on discord https://www.velocidex.com/discord

Assets 7
Loading