orochi | The Volatility Collaborative GUI | Cybersecurity library

Using Docker-compose you can start multiple dockers and link them together. (*) It is also possible to run plugins_sync and symbols_sync directly from the admin page in case new plugins or new symbols are available.
Start cloning the repo and enter in the folder:
ElasticSearch container likes big mmap count so from shell do sysctl -w vm.max_map_count=262144 otherwise docker image of Elastic would not start. To set this value permanently, add vm.max_map_count=262144 in /etc/sysctl.conf. In case you are running docker on Windows you can do wsl -d docker-desktop sysctl -w vm.max_map_count=262144 from PowerShell.
You need to set some useful variables that docker-compose will use for configure the environment Here is a sample of .env\.local\.postgres: POSTGRES_HOST=postgres POSTGRES_PORT=5432 POSTGRES_DB=orochi POSTGRES_USER=debug POSTGRES_PASSWORD=debug Here is a sample of .env\.local\.django: USE_DOCKER=yes IPYTHONDIR=/app/.ipython REDIS_URL=redis://redis:6379/0 ELASTICSEARCH_URL=http://es01:9200 DASK_SCHEDULER_URL=tcp://scheduler:8786 By default ALLOWED_HOSTS config permits access from everywhere. If needed you can change it from .envs\.local\.django
If needed you can increase or decrease Dask workers to be started. In order to do this you have to update the docker-compose.yml file changing the number of replicas in the deploy section of worker service.
You can pull images with command:
Or build images with command:
Now it's time to fire up the images!
When finished - it takes a while - you can check the status of images:
Now some management commands in case you are upgrading: docker-compose run --rm django python manage.py makemigrations docker-compose run --rm django python manage.py migrate docker-compose run --rm django python manage.py collectstatic
Sync Volatility plugins (*) in order to make them available to users: docker-compose run --rm django python manage.py plugins_sync
Volatility Symbol Tables are available here and can be sync using this command (*): docker-compose run --rm django python manage.py symbols_sync
To create a normal user account, just go to Sign Up (http://127.0.0.1:8000) and fill out the form. Once you submit it, you'll see a "Verify Your E-mail Address" page. Go to your console to see a simulated email verification message. Copy the link into your browser. Now the user's email should be verified and ready to go. In development, it is often nice to be able to see emails that are being sent from your application. For that reason local SMTP server Mailhog with a web interface is available as docker container. Container mailhog will start automatically when you will run all docker containers. Please check cookiecutter-django Docker documentation for more details how to start all containers. With MailHog running, to view messages that are sent by your application, open your browser and go to http://127.0.0.1:8025
Other details in cookiecutter-django Docker documentation
register your user
login with your user and password
upload a memory dump and choose a name, the OS and the color: in order to speed up the upload it accepts also zipped files.
When the upload is completed, all enabled Volatility plugins will be executed in parallel thanks to Dask. With Dask it is possible to distribute jobs among different servers.
You can configure which plugin you want run by default through admin page.
As the results come, they will be shown.
Is it possible to view the results of a plugin executed on multiple dumps, for example view simultaneously processes list output of 2 different machines.
Orochi homepage: http://127.0.0.1:8000
Orochi admin: http://127.0.0.1:8000/admin
Mailhog: http://127.0.0.1:8025
Kibana: http://127.0.0.1:5601
Dask: http://127.0.0.1:8787