Velocidex is an Australian software shop that has built its reputation around a single, tightly focused forensic engine: Velociraptor. Written in Go and released under an open-source licence, the program turns every Windows, Linux or macOS endpoint into a live data source that can be interrogated at scale through the Velociraptor Query Language (VQL). Security teams deploy it to hunt for indicators of compromise (IoCs) across thousands of laptops during incident response, auditors use it to verify compliance settings on servers, and managed service providers (MSPs) schedule it to collect prefetch entries, ShimCache, USN journals, network connections or YARA matches without having to ship full disk images. Because queries are pushed in real time and results stream back as JSON or CSV, investigators can pivot from a suspicious registry key to a process memory dump within minutes, then store the artefacts in a central data lake for long-term trending. The same agent that performs enterprise triage can be run in standalone mode from a single USB stick, giving small firms a no-cost alternative to heavier endpoint suites. Velociraptor’s artefact exchange encourages community contributions, so built-in detection logic for new attack techniques appears almost as soon as those techniques are documented. The publisher’s software is available for free on get.nero.com, with downloads delivered through trusted Windows package sources such as winget, which always pull the latest release and permit batch installation alongside other tools.

Velociraptor

Velociraptor is a tool for collecting host-based state information using Velociraptor Query Language (VQL) queries.

Details