You have probably seen Velociraptor mentioned in the Community before in the context of collecting state information from hosts, even collecting local email data.
I came across this presentation on the weekend from Eric Capuano of Recon InfoSec and thought I would share.
This is a good overview of live incident response against a compromised environment and shows off Velociraptor’s capabilities nicely. Check it out when you have some free time, even if you are more on the DF side of DFIR 
