Orochi Logo

Orochi

0
Free
Visit Website

Orochi is an open source framework for collaborative forensic memory dump analysis. Using Orochi, you and your collaborators can easily organize your memory dumps and analyze them all at the same time. Orochi architecture uses Volatility 3, saves Volatility results in ElasticSearch, distributes loads among nodes using Dask, uses Django as frontend, uses Postgresql to save users and analysis metadata such as status and errors, uses MailHog to manage the users registration emails, and uses Redis for caching.

FEATURES

ALTERNATIVES

A Windows Registry hive extraction library that reads and writes Windows Registry 'hive' binary files.

Open source tool for generating YARA rules about installed software from a running OS.

A simple Golang application for storing NIST National Software Reference Library Reference Data Set (NSRL RDS) with md5 and sha1 hash lookup searches.

A PowerShell-based incident response and live forensic data acquisition tool for Windows hosts.

A library and set of tools for accessing and analyzing storage media devices and partitions for forensic analysis and investigation.

Rekall is a discontinued project that aimed to improve memory analysis methodology but faced challenges due to the nature of in-memory structure and increasing security measures.

A tool for creating compact Linux memory dumps compatible with popular debugging tools.

A command-line utility and Python package for mounting and unmounting various disk image formats with support for different volume systems and filesystems.