This room introduced me to Velociraptor, an endpoint visibility and forensics tool that allows large-scale collection and monitoring. I learned how to query endpoints, collect forensic data, and investigate suspicious activity across multiple systems at once.
Working with Velociraptor highlighted how powerful centralized forensics can be for enterprise environments. It showed me how this tool can scale investigations that would otherwise be overwhelming if done one endpoint at a time.
