-
-
Go hunting.
Harness digital forensic expertise to proactively find suspicious activities.
Learn how Download Latest </
-
Stop attackers in their tracks.
Monitor for dangerous events and respond with accuracy and flexibilty.
Learn how Download Latest
The next generation in endpoint visibility.
With a solid architecture, a library of customisable forensic artefacts and its own unique and flexible query language, Velociraptor provides the next generation in endpoint monitoring, digital forensic investigations and cyber incident response.
Collect
At the press of a (few) buttons, perform targetted collection of digital forensic evidence simultaneously across your endpoints, with speed and precision.
Monitor
Continuously collect endpoint events such as event logs, file modifications and process execution. Centrally store events indefinitely for historical review and analysis.
Hunt
Don't wait until an event occurs. Actively search for suspicious activities using our library of forensic artefacts, then customise to your specific threat hunting needs.
Respond
When serious events occur on an endpoint, trigger an automated response to collect evidence, silently block malicious activity or lockdown endpoints entirely.
Explore
Open source
As an open source platform, Velociraptor continues to evolve and improve through feedback and input from practitioners on the front lines of cyber security and digital forensic investigations. As your needs change, so can Velociraptor.
Deploys in minutes
Velociraptor works natively on Windows, macOS and Linux. It's distributed as a static binary with no libraries or dependencies. You can create a server within minutes and easy deploy clients using SCCM or Group Policy, even run in agentless mode.
Powered by VQL
The Velociraptor Query Language (VQL) is an expressive query language designed to adapt to your requirements easily and without needing to modify any code nor deploy additional software. VQL encapsulates digital forensic expertise into human readable files called 'artifacts' which can be shared and exchanged freely within the community.
Commercially supported
Velociraptor is being actively developed by Velocidex Enterprises, an established business entity providing professional services, custom development and training to organisations who require a higher level of commercial support.
Build upon real-world experience
Velociraptor is built by digital forensic and incident response practitioners and used on real-world investigations every day. As we encounter new challenges and requirements, we develop new features and artefacts, which are contributed back into the project, for the benefit of the whole community.
Performance management
We know that performance is critical and opertional impact must be minimised. Velociraptor provides real-time performance monitoring and endpoint throttling to run more intense hunts 'low and slow' thereby minimising any operational impact.
Velocidex Enterprises
A unique Australian technology company.
Proven track record
Lead by industry experts with over 20 years of proven experience in developing digital forensic software and using it successfully in thousands of real-life DFIR cases.
Trust and integrity
Our team are trusted advisors to hundreds of clients across Australia and internationally, providing digital forensic services on the most sensitive cases.
Real life support
We provide both in-house and online professional services and training to support deployment and use of Velocirator across your networks.
About us
Velocidex Enterprises was founded by well established industry professionals with many years of proven expertise in the development of digital forensic software and its use to support a wide range of digital forensic investigations and cyber breach response cases.
Velociraptor aims to provide the "last step" in the process of digital forensic investigations, security monitoring and threat hunting. We already know a great deal about how to investigate computer systems and monitor for malicious activities. Velociraptor aims to encapsulte this industry knowledge and empower both experts and novices to leverage it, to collect and analyse evidence of malicious activities with speed and precision.
Mike Cohen
Mike is a renowned digital forensic researcher and senior software engineer. He's supported leading open-source DFIR projects including as a core developer of Volatility and lead developer of both Rekall and Grr Rapid Response.
Mike is our "Digital Paleontologist" and brings his years of expertise to the role of principal developer of Velociraptor.
Nick Klein
Nick has over 20 years experience in DFIR investigations. Since 2009, his team at Klein & Co. have helped clients across Australia and internationally. Nick is also a SANS instructor who teaches advanced DFIR skills to students around the world.
Nick brings this real-world expertise into the development of Velociraptor, for the whole DFIR community to benefit.