This lab is an introduction to how Velociraptor can access data.
GUI mode will be used throughout the workshop. We will be using VQL plugins and running queries against various accessors to compare the results.
This is a fairly long lab best suited to newer users. Feel free to skip ahead if you have a good understanding of VQL and how it can interact with Windows systems.
Velociraptor is available on the desktop to run, as per Lab: GUI mode walk through.
Open cmd, browse to the desktop and run: velociraptor.exe gui --datastore=./VRdata -v
The Velociraptor GUI is configured to open automatically upon start, but the credentials are available below:
https://127.0.0.1:8889/
admin
password
The above is an introduction to Velociraptor accessors and not a complete overview of all available use cases. Please continue in further labs for some more interesting examples.