Comparisons

Velociraptor is a powerful forensic tool with many parsers, analysis modules and features. When new users are introduced to Velociraptor it is sometimes difficult to know where to start!

Many users have been using other popular tools before trying Velociraptor. These pages compare how certain tasks are done in Velociraptor and in those other tools.

Velociraptor is an open source project! We would love for people to contribute to these pages. These pages are still a work in progress!

If you know of a popular DFIR tool that is not well covered, or if we missed some cool feature, please open an issue or contribute a PR by pressing the "Edit this page" button at the top of this page.

The following pages serve a number of goals:

  1. Introduce people more familiar with these traditional tools to the Velociraptor equivalent artifacts.

  2. Provide a comparison of Velociraptor’s features vs. other tools. Many people are unaware of all the functionality present in Velociraptor, and these pages summarize it at a high level.

  3. Help the Velociraptor team understand any gaps in Velociraptor’s capabilities so they can be remediated in the future.

    Maintaining artifacts in VQL allows Velociraptor to be the Swiss Army knife of DFIR. Using the same artifacts in a distributed, enterprise-ready context helps to make many of the tools more robust and accessible.

Tool comparison