Since its initial release in 2019, Velociraptor has become a go-to tool for DFIR professionals across the globe. Velociraptor is an open source tool for collecting and querying forensic and incident response artifacts across endpoints. Velociraptor is an agent-based technology designed to run as a service on managed endpoints across a corporate environment, or as a standalone component you can deploy post incident. Either way, it allows incident responders to easily collect data from those remote systems, wherever they may be.
Cado Community Edition is a complementary technology, focusing on expediting the processing and analysis of the data once it’s captured. Cado Community Edition leverages the speed of the cloud to do so and integrates nicely with Velociraptor to provide a free end-to-end capture and analysis suite. In fact, several of our users routinely analyze data collected by Velociraptor during investigations using the Cado Community Edition.
Most commonly, users build an offline triage agent to collect Windows.KapeFiles.Targets from endpoints, then upload the resulting KapeFiles collections to cloud storage, where Cado can import, process and analyze them.
This way, users can take advantage of Cado’s cloud-based parallel processing and automated investigation capabilities to quickly rip through these collected artifacts, and paint a picture of what happened on that system.
The combination of Velociraptor and the Cado Community Edition provides an efficient way of collecting, processing and analyzing data from many different types of systems — drastically reducing response time.
You can download the Cado Community Edition here, or, if you're interested in performing investigation and response across cloud, container and serverless environments, check out the enterprise version of the Cado Platform via our 14-day free trial.