The next generation in endpoint visibility.

With a solid architecture, a library of customisable forensic artefacts and its own unique and flexible query language, Velociraptor provides the next generation in endpoint monitoring, digital forensic investigations and cyber incident response.

Collect

At the press of a (few) buttons, perform targeted collection of digital forensic evidence simultaneously across your endpoints, with speed and precision.

Monitor

Continuously collect endpoint events such as event logs, file modifications and process execution. Centrally store events indefinitely for historical review and analysis.

Hunt

Don't wait until an event occurs. Actively search for suspicious activities using our library of forensic artefacts, then customise them to your specific threat hunting needs.

Respond

When serious events occur on an endpoint, trigger an automated response to collect evidence, silently block malicious activity or lock down endpoints entirely.

Explore

Customise artefacts

Defined DFIR artefacts

Pre-defined DFIR artefacts

Browse connected clients

Review endpoint details

Powerful file finding

Monitor connections

Examine remote files

Open source

As an open source platform, Velociraptor continues to evolve and improve through feedback and input from practitioners on the front lines of cyber security and digital forensic investigations. As your needs change, so can Velociraptor.

Deploys in minutes

Velociraptor works natively on Windows, macOS and Linux. It's distributed as a static binary with no libraries or dependencies. You can create a server within minutes and easily deploy clients using SCCM or Group Policy, or even run in agentless mode.

Powered by VQL

The Velociraptor Query Language (VQL) is an expressive query language designed to adapt to your requirements easily, without needing to modify any code or deploy additional software. VQL encapsulates digital forensic expertise into human-readable files called 'artifacts' which can be shared and exchanged freely within the community.

Commercially supported

Velociraptor is being actively developed by Velocidex Enterprises, an established business entity providing professional services, custom development and training to organisations who require a higher level of commercial support.

Built upon real-world experience

Velociraptor is built by digital forensic and incident response practitioners and used on real-world investigations every day. As we encounter new challenges and requirements, we develop new features and artefacts, which are contributed back into the project, for the benefit of the whole community.

Performance management

We know that performance is critical and operational impact must be minimised. Velociraptor provides real-time performance monitoring and endpoint throttling to run more intense hunts 'low and slow', thereby minimising any operational impact.

Velocidex Enterprises

A unique Australian technology company.

Proven track record

Led by industry experts with over 20 years of proven experience in developing digital forensic software and using it successfully in thousands of real-life DFIR cases.

Trust and integrity

Our team are trusted advisors to hundreds of clients across Australia and internationally, providing digital forensic services on the most sensitive cases.

Real life support

We provide both in-house and online professional services and training to support deployment and use of Velociraptor across your networks.

About us

Velocidex Enterprises was founded by well established industry professionals with many years of proven expertise in the development of digital forensic software and its use to support a wide range of digital forensic investigations and cyber breach response cases.

Velociraptor aims to provide the "last step" in the process of digital forensic investigations, security monitoring and threat hunting. We already know a great deal about how to investigate computer systems and monitor for malicious activities. Velociraptor aims to encapsulate this industry knowledge and empower both experts and novices to leverage it, to collect and analyse evidence of malicious activities with speed and precision.

Mike Cohen

Mike is a renowned digital forensic researcher and senior software engineer. He has supported leading open-source DFIR projects, including as a core developer of Volatility and lead developer of both Rekall and GRR Rapid Response.

Mike is our "Digital Paleontologist" and brings his years of expertise to the role of principal developer of Velociraptor.

Nick Klein

Nick has over 20 years' experience in DFIR investigations. Since 2009, his team at Klein & Co. have helped clients across Australia and internationally. Nick is also a SANS instructor who teaches advanced DFIR skills to students around the world.

Nick brings this real-world expertise into the development of Velociraptor, for the whole DFIR community to benefit.
