A knowledge base tip aims to help users answer a specific
question.
Clicking "Contribute" below will allow you to add a new knowledge
base article to this repository. You will be taken to GitHub,
where you can create a new article using the knowledge base
template described below.
Please provide a name for the file above prior to preparing
a pull request. This file is in markdown
format. Remember: The aim of this article is to
quickly answer an immediate need for users who may not be
familiar with Velociraptor or DFIR in general. It should
have pointers for further research or links to other
knowledge base articles.
# The article should begin with a title (start with #)...
The title should be in the form of a question or task - for example: "How do I search for malicious downloaded files?" (The website will use the first heading as the searchable title.)
The first paragraph after the title should be a short description of the knowledge base article. It will be searchable on the main knowledge base page.
The rest of the article is normal markdown. You can also include screenshots by simply pasting them into the GitHub editor.
You can tag your tip using the following syntax. A line starting with `Tags:` will be removed from the final text. For example:
Tags: #deployment, #vql
Once you finish writing the article, simply save it to a local branch and send a pull request.