
#### Let's select two artifacts to collect:
1. Windows.KapeFiles.Targets
   * Select the Basic Collection to get many forensic artifacts
2. Generic.Collectors.SQLECmd
---
### Selecting the Windows.KapeFiles.Targets artifact

---
### Configuring the collector to encrypt output

---
### Downloading the prepared binary

---
## Offline collector binaries
* Preconfigured to collect the required artifacts
* No user interaction needed - just run with no command line args
* Prepares an armoured Zip file with all the results in it
---
### Acquire data!

---
## Acquired file is encrypted
* Due to limitations in the Zip format, file names cannot be encrypted.
* Therefore, Velociraptor creates a second protected Zip file inside
  the outer container.
* Several encryption schemes are supported:
  1. Regular password
  2. X509 - random password generated and encrypted with the server's certificate.
  3. GPG - random password generated and encrypted with the GPG public key.
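
The file name limitation above, as an added example (not Velociraptor's own code): it lists what anyone holding the file can read from the Zip central directory without a password, for a single-layer archive and for a nested one. The member names `data.zip` and `metadata.json`, the sample paths and the `sensitive` markers are assumptions for illustration, and the password layer itself is omitted because Python's standard library cannot write encrypted Zip members.

```python
import io
import zipfile

# Constructed sample of collected file names (not taken from a real host).
COLLECTED = {
    "uploads/C/Users/alice/NTUSER.DAT": b"hive bytes",
    "uploads/C/Windows/System32/config/SAM": b"hive bytes",
    "results/Windows.KapeFiles.Targets.json": b"{}",
}

def build_zip(members):
    """Return the bytes of a Zip archive holding the name -> data mapping."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()

def listing(zip_bytes):
    """(name, encrypted flag) per member, read from the central directory.
    This step never needs a password, which is why names leak."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        # Bit 0 of the general purpose flags marks an encrypted member.
        return [(i.filename, bool(i.flag_bits & 0x1)) for i in zf.infolist()]

def exposed_names(zip_bytes, sensitive=("Users/", "SAM", "NTUSER")):
    """Readable member names that match any of the sensitive markers."""
    return [n for n, _ in listing(zip_bytes) if any(s in n for s in sensitive)]

def flat_container():
    # One layer: member names stay readable even if the data were encrypted.
    return build_zip(COLLECTED)

def nested_container():
    # Two layers: the outer listing shows only the inner archive's name.
    # In the scheme described above the inner layer is password protected.
    return build_zip({"metadata.json": b"{}", "data.zip": flat_container()})

if __name__ == "__main__":
    for label, blob in (("flat", flat_container()), ("nested", nested_container())):
        print(label, [n for n, _ in listing(blob)], "exposed:", exposed_names(blob))
```

Running `listing()` over a real offline collection before it leaves the endpoint is a quick way to confirm that the outer container exposes no collected file names.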
---
## Importing into Velociraptor
* Velociraptor can automatically decrypt offline containers when
  importing.
* Use the Server.Utils.ImportCollection artifact to import collections
* The server uses its private key to unlock the container automatically.
* This protects PII and confidential information in transit!
---
### Import the collection into the Velociraptor server

---
### Inspect the import process

---
### Inspect the collected data
