
Sans sift

Moshe Caplan moshecaplan@isis.poly.edu. Sans sift. *Presentation partially based on material created for 2012 CSAW Cybersecurity Summer Bootcamp : https://sites.google.com/a/isis.poly.edu/cyfor/hsf-teacher-summer-bootcamp/hsf-teacher-summer-bootcamp---day-3. Introduction.



  1. Moshe Caplan moshecaplan@isis.poly.edu Sans sift *Presentation partially based on material created for 2012 CSAW Cybersecurity Summer Bootcamp: https://sites.google.com/a/isis.poly.edu/cyfor/hsf-teacher-summer-bootcamp/hsf-teacher-summer-bootcamp---day-3

  2. Introduction
  • SANS Investigative Forensic Toolkit
  • Ubuntu-based machine with many forensics tools
  • Latest version: SIFT 2.13
  • It is available for free online
    • You will need to create a free SANS account
    • You will also need the free VMware Player: http://www.vmware.com/products/player/

  3. Downloading
  • Make a free SANS account: https://www.sans.org/account/login
  • Download it! http://computer-forensics.sans.org/community/downloads
    • Webpage also contains information about SIFT, cheat sheets, and tutorials
  • Two download options
    • Prebuilt VM (highly recommended)
    • Bootable iso
      • Run SIFT live off the CD
      • Install it as a new virtual machine

  4. Important Note
  • If at any time while you are running the VM your mouse gets stuck in the VM (i.e. you can’t get back to your host machine), press Ctrl + Alt
  • Also, to switch the mouse to the VM you may need to click inside the VM
  • Once we install “VMware Tools” later on in the presentation, this should no longer be a problem

  5. If You Downloaded: Prebuilt VM
  • Extract the downloaded files
  • Double-click the VM configuration file (.vmx)
  • Answer “I copied it” if it asks about the files
  • VMware will add the VM to your library and boot it

  6. If You Downloaded: iso (1)
  • Open VMware Player and select “Create a New Machine”
  • Point it to your “iso” file
    • It’s OK if it doesn’t recognize your OS
  • For the OS choose “Linux” and “Ubuntu”
  • Name your VM
  • I gave mine an 8 GB hard drive and left “Split into multiple files” selected
  • Finish and Power On

  7. If You Downloaded: iso (2)
  • Two options for using SIFT
    • Run live from “cd”
      • No installation
      • No hard drive, so you can’t save anything
      • Select “live”
    • Install to hard drive
      • Operates as a regular machine
      • Select “install”

  8. Live Mode
  • If you select “live” it will boot up to the login screen
  • Password is “forensics”
  • That’s it. Setup process is complete!

  9. Full Installation
  • If you select “installer” the installation wizard will begin
  • Set up the language, date, and keyboard layout
  • For the “Prepare Disk Space” step
    • Select: “Erase and use the entire disk”
  • Create your user account
    • However, you will still log in with the default account “sansforensics”
  • Review and Install!
  • Note: A few times when I restarted the machine it wouldn’t boot. If this happens select:
    • Virtual Machine -> Power -> Power Off
    • Then start the machine again

  10. For All Setup Options
  • You should now be at the login screen
  • Password is “forensics”

  11. Desktop
  • After logging in you will see the desktop

  12. Remaining Steps
  • The remaining steps only apply if you used the “Prebuilt VM” or did a “Full Installation”
  • If you are running in “live mode” you cannot perform these steps
  • The following slides will explain how to:
    • Install system updates
    • Install / update VMware Tools
    • Set up shared folders

  13. Installing System Updates
  • Open a command line terminal and run the following two commands
    • sudo apt-get update
    • sudo apt-get upgrade
  • Answer “y” (for yes) if it asks you any questions
  • You should run these commands every so often to install any new system updates

  14. Installing VMware Tools (1)
  • VMware Tools provides an enhanced VM experience
  • Allows for better integration between your VM and host machine
    • Shared folders
    • Mouse support
    • Copy / paste
    • Much more
  • You should always install it

  15. Installing VMware Tools (2)
  • If you did “Full Installation” you first need to remove the “iso” (the virtual CD)
    • Power off the VM
    • From the main VMware Player window (images for these steps are on the next slide)
      • Select your VM
      • Click “Edit VM Settings”
      • Under “Hardware” select CD / DVD
      • In the right-hand column switch “Connection” to “Use Physical Drive” and “Auto Detect”

  16. Main VMware Player Window

  17. Installing VMware Tools (3)
  • For both the “Full Installation” and “Prebuilt VM”
    • Power on and log in
    • On the top menu bar select: Virtual Machine -> Install (Update) VMware Tools

  18. Installing VMware Tools (4)
  • Click the CD “VMware Tools” that will appear on the Desktop
  • Right-click the VMware Tools compressed file and extract it to the Desktop
  • Open a Terminal
  • Change directories to the vmware-tools folder we put on the Desktop with this command
    • cd /home/sansforensics/Desktop/vmware-tools-distrib
  • Execute the installer file as root (the installer shipped in vmware-tools-distrib is named vmware-install.pl)
    • sudo perl vmware-install.pl
  • Hit Enter to accept the defaults for any questions it asks
  • When installation finishes, restart the VM
  • You can now delete the folder we extracted to the Desktop
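The steps on slides 17 and 18 can be scripted so the install is repeatable. The following is an added example, not part of the presentation: it assumes the VMware Tools CD was attached via the Virtual Machine menu and auto-mounted somewhere under /media, that the tarball keeps VMware's VMwareTools-*.tar.gz name, and uses the installer's --default option in place of pressing Enter at each prompt.

```shell
#!/bin/sh
# Added example (not from the slides): automates the manual VMware Tools
# install on a SIFT VM. Assumptions: the CD is mounted under /media and the
# tarball is named VMwareTools-*.tar.gz (VMware's own naming).
set -eu

# find_tools_tarball DIR: print the first VMware Tools tarball found under DIR
# (the mounted CD), or fail with a message so a missing CD is caught early.
find_tools_tarball() {
    tarball=$(find "$1" -maxdepth 3 -name 'VMwareTools-*.tar.gz' 2>/dev/null | head -n 1)
    [ -n "$tarball" ] || { echo "no VMware Tools tarball under $1" >&2; return 1; }
    printf '%s\n' "$tarball"
}

# extract_tools TARBALL DEST: extract into DEST (the slides use the Desktop)
# and print the vmware-tools-distrib directory, checking the installer exists.
extract_tools() {
    mkdir -p "$2"
    tar -xzf "$1" -C "$2"
    distrib="$2/vmware-tools-distrib"
    [ -f "$distrib/vmware-install.pl" ] || { echo "no installer in $distrib" >&2; return 1; }
    printf '%s\n' "$distrib"
}

# install_tools DISTRIB: run the installer as root; --default answers every
# prompt with its default, replacing the repeated Enter presses on the slide.
# Afterwards the extracted folder is removed, as the slide suggests.
install_tools() {
    (cd "$1" && sudo perl ./vmware-install.pl --default)
    rm -rf "$1"
}

main() {
    tarball=$(find_tools_tarball "${1:-/media}")
    distrib=$(extract_tools "$tarball" "${2:-$HOME/Desktop}")
    install_tools "$distrib"
    echo "VMware Tools installed; restart the VM to finish."
}

# Only run main when executed as this script, so the functions can be sourced.
case "${0##*/}" in install-vmware-tools.sh) main "$@" ;; esac
```

Save it as install-vmware-tools.sh and run it after the CD appears; pass a different mount point or destination as the first and second arguments if your VM differs.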

  19. Installing VMware Tools (5)

  20. Setting Up Shared Folders
  • Shared Folders allows you to share a specific folder between your host machine and VM
  • Setup instructions can be found here: https://sites.google.com/a/isis.poly.edu/cyfor/discussion-forum?place=topic%2Fcyforhsf%2FrVlRTZNqms4%2Fdiscussion
    • These instructions were written for a different VM, but the directions are essentially the same
    • You will still delete any “Shared Folders” if there were any already created
    • In your VM the link on the Desktop to your Shared Folders is called “VMWare-Shared-Drive”

  21. That’s it!
  • You can now use your VM for anything you want
  • I recommend checking out the cheat sheets and tutorials which are provided by SANS
  • They can be found at:
    • The website you downloaded your VM from
    • Some of them are on your VM Desktop

  22. Screenshot
