Velociraptor
Per the documentation, “VQL is not useful without a good set of plugins that make DFIR work possible. Velociraptor’s strength lies in the wide array of VQL plugins and functions that are geared towards making DFIR investigations and detections effective”.
At the date of the entry of this content, the categories surrounding forensic analysis are:
Searching Filenames
Searching Content
NTFS Analysis
Binary Parsing
Evidence of Execution
Event Logs
Volatile Machine State
Have a skim through Searching Filenames and NTFS Analysis to provide a solid brain dump.