Velocistack is a free and open solution for streamlined host-based forensics and investigation.
- Collect forensic artifacts
- Post-process collections
- Visualize collections or hunt results
- Create cases for investigation
- Enrich results with additional context
To allow individuals to quickly spin up a local, integrated environment for analysis and investigation of forensic artifacts collected by Velociraptor, using popular free and open tools.
- Analysts
- Incident Responders
- Students
- Anyone!
- Tested on Ubuntu 20.04, although 18.04 should work as well (or other distros)
- Docker should be installed.
- The Docker Compose plugin should be installed: https://docs.docker.com/compose/install/
git clone https://github.com/weslambert/velocistack && cd velocistack
sudo ./install_velocistack
Currently, authentication occurs primarily through Velociraptor. It proxies all services, except for IRIS and IntelOwl
User: admin
Password: admin
User: administrator
Password: admin
Create superuser credentials for IntelOwl by running the following command from the CLI:
sudo docker exec -ti uwsgi python3 manage.py createsuperuser
https://$YOURIP/velocistack
https://$YOURIP/velocistack/cyberchef
https://$YOURIP/velocistack/grafana
https://$YOURIP:8443
https://$YOURIP/
https://$YOURIP/velocistack/prometheus
https://$YOURIP/velocistack/kibana
If you experience an error with cadvisor and /var/lib/docker, try replacing the volume with /var/snap/docker/common/var-lib-docker/ (for Docker installs that have occurred via snap).