1 repository
Techniques for interrogating the internal state and activity of an operating system kernel and object manager.
Velociraptor is a digital forensics and incident response platform, endpoint detection and response system, and visibility tool. It provides a query engine and remote forensic collector used to hunt for indicators of compromise and perform triage across a fleet of hosts. The system is distinguished by its specialized query language for interrogating host state and parsing binary files. It features a notebook environment that combines markdown documentation with executable query cells to standardize investigative workflows and enable collaborative reporting. The platform covers a wide range o
Velociraptor can enumerate the Windows Object Manager namespace and execute WMI queries to monitor OS activity.
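The two capabilities named above, as an added VQL example that is not from the original page or from Velociraptor's own artifact library. It assumes a Windows client with Velociraptor's `wmi()` and `winobj()` plugins available; the `winobj()` column names `Name` and `Type` are assumed from memory and should be checked against the plugin reference before use.

```vql
-- Added example, not part of the original page or of Velociraptor's artifact
-- library. Assumes the wmi() and winobj() plugins on a Windows client; the
-- winobj() output columns Name and Type are an assumption to verify.

-- 1. WMI: running processes with their parent, from the root/cimv2 namespace.
--    Materialised (<=) so the rows can be reused below without re-querying WMI.
LET processes <= SELECT Name, ProcessId, ParentProcessId, CommandLine
  FROM wmi(query="SELECT Name, ProcessId, ParentProcessId, CommandLine FROM Win32_Process",
           namespace="root/cimv2")

-- 2. Object Manager: named mutants in the global BaseNamedObjects directory.
--    Many malware families create a fixed mutex name to avoid running twice,
--    so this directory is worth listing during triage.
LET mutants = SELECT Name, Type
  FROM winobj(path="\\BaseNamedObjects")
  WHERE Type =~ "Mutant"

-- 3. Processes whose parent PID is no longer running (orphaned), a cheap
--    anomaly check built only from the WMI rows collected in step 1.
LET orphans = SELECT Name, ProcessId, ParentProcessId, CommandLine
  FROM processes
  WHERE NOT ParentProcessId IN processes.ProcessId

-- Emit both result sets as one row stream, tagged by source.
SELECT "mutant" AS Source, Name, NULL AS ProcessId FROM mutants
UNION
SELECT "orphan" AS Source, Name, ProcessId FROM orphans
```

In a Velociraptor notebook each `LET` and the final `SELECT` can live in a single cell; run it against one host first, then wrap it in an artifact to hunt across the fleet. Keep the WMI query narrow (named columns rather than `SELECT *`), since a wide `Win32_Process` query on every endpoint is slow and noisy.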