SANS SIFT
Moshe Caplan (moshecaplan@isis.poly.edu)

Presentation Transcript
  1. SANS SIFT
     Moshe Caplan
     • Presentation partially based on material created for the 2012 CSAW Cybersecurity Summer Bootcamp:

  2. Introduction
     • SANS Investigative Forensic Toolkit
     • Ubuntu-based machine with many forensics tools
     • Latest version: SIFT 2.13
     • It is available for free online
       • You will need to create a free SANS account
       • You will also need the free VMware Player

  3. Downloading
     • Make a free SANS account:
     • Download it!
       • The webpage also contains information about SIFT, cheat sheets, and tutorials
     • Two download options
       • Prebuilt VM (highly recommended)
       • Bootable iso
         • Run SIFT live off the CD
         • Install it as a new Virtual Machine

  4. Important Note
     • If at any time while you are running the VM your mouse gets stuck in the VM (i.e. you can’t get back to your host machine), press Ctrl + Alt
     • Also, to switch the mouse to the VM you may need to click inside the VM
     • Once we install “VMware Tools” later on in the presentation, this should no longer be a problem

  5. If You Downloaded: Prebuilt VM
     • Extract the downloaded files
     • Double-click the VM configuration file (.vmx)
     • Answer “I copied it” if it asks about the files
     • VMware will add the VM to your library and boot it

  6. If You Downloaded: iso (1)
     • Open VMware Player and select “Create a New Machine”
     • Point it to your “iso” file
       • It’s OK if it doesn’t recognize your OS
     • For the OS choose “Linux” and “Ubuntu”
     • Name your VM
     • I gave mine an 8 GB hard drive and left “Split into multiple files” selected
     • Finish and Power On

  7. If You Downloaded: iso (2)
     • Two options for using SIFT
     • Run live from “cd”
       • No installation
       • No hard drive, so you can’t save anything
       • Select “live”
     • Install to hard drive
       • Operates as a regular machine
       • Select “install”

  8. Live Mode
     • If you select “live” it will boot up to the login screen
     • Password is “forensics”
     • That’s it. The setup process is complete!

  9. Full Installation
     • If you select “installer” the installation wizard will begin
     • Set up the language, date, and keyboard layout
     • For the “Prepare Disk Space” step
       • Select: “Erase and use the entire disk”
     • Create your user account
       • However, you will still log in with the default account “sansforensics”
     • Review and Install!
     • Note: A few times when I restarted the machine it wouldn’t boot. If this happens select:
       • Virtual Machine -> Power -> Power Off
       • Then start the machine again

  10. For All Setup Options
     • You should now be at the login screen
     • Password is “forensics”

  11. Desktop
     • After logging in you will see the desktop

  12. Remaining Steps
     • The remaining steps only apply if you used the “Prebuilt VM” or did a “Full Installation”
     • If you are running in “live mode” you cannot perform these steps
     • The following slides will explain how to:
       • Install system updates
       • Install / update VMware Tools
       • Set up Shared Folders

  13. Installing System Updates
     • Open a command line terminal and run the following two commands
       • sudo apt-get update
       • sudo apt-get upgrade
     • Answer “y” (for yes) if it asks you any questions
     • You should run these commands every so often to install any new system updates

  14. Installing VMware Tools (1)
     • VMware Tools provides an enhanced VM experience
     • Allows for better integration between your VM and host machine
       • Shared Folders
       • Mouse support
       • Copy / paste
       • Much more
     • You should always install it

  15. Installing VMware Tools (2)
     • If you did “Full Installation” you first need to remove the “iso” (the virtual CD)
       • Power off the VM
       • From the main VMware Player window (images for these steps are on the next slide)
         • Select your VM
         • Click “Edit VM Settings”
         • Under “Hardware” select CD / DVD
         • In the right-hand column switch “Connection” to “Use Physical Drive” and “Auto Detect”

  16. Main VMware Player Window

  17. Installing VMware Tools (3)
     • For both the “Full Installation” and “Prebuilt VM”
       • Power on and log in
       • On the top menu bar select:
         • Virtual Machine -> Install (Update) VMware Tools

  18. Installing VMware Tools (4)
     • Click the CD “VMware Tools” that will appear on the Desktop
     • Right-click the VMware Tools compressed file and extract it to the Desktop
     • Open a Terminal
     • Change directories to the vmware-tools folder we put on the Desktop with this command
       • cd /home/sansforensics/Desktop/vmware-tools-distrib
     • Execute the installer file as root
       • sudo perl
     • Hit enter to accept the defaults for any questions it asks
     • When installation finishes, restart the VM
     • You can now delete the folder we extracted to the Desktop
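The two terminal procedures above (the apt-get update and upgrade on slide 13, and the VMware Tools installer run on slide 18) can be collected into one script. The script below is an added example, not part of the original presentation: it assumes the tools archive was extracted to /home/sansforensics/Desktop/vmware-tools-distrib as the slide describes, that the installer inside that folder is named vmware-install.pl (VMware's usual installer name, which the slide does not spell out), and that the installer's -d flag accepts default answers (an assumption; the slide has you press enter for each prompt instead). It checks that the installer actually exists before handing anything to perl, and a DRY_RUN=1 setting prints the privileged commands instead of executing them.

```shell
#!/bin/sh
# Added example (not from the slides): post-install steps for a SIFT VM.
# Slide 13: apt-get update / upgrade.  Slide 18: run the VMware Tools installer.
# Assumptions: extracted folder is /home/sansforensics/Desktop/vmware-tools-distrib,
# installer is vmware-install.pl, and -d means "accept default answers".
# DRY_RUN=1 prints each privileged command instead of running it.

DRY_RUN="${DRY_RUN:-0}"
TOOLS_DIR_DEFAULT="/home/sansforensics/Desktop/vmware-tools-distrib"

# Run a command as root, or just print it when DRY_RUN=1.
run_as_root() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "DRY-RUN: sudo $*"
    else
        sudo "$@"
    fi
}

# Slide 13: refresh package lists, then install pending updates.
# -y answers the "y" prompts the slide mentions so the run is unattended.
update_system() {
    run_as_root apt-get update
    run_as_root apt-get upgrade -y
}

# Slide 18: locate the installer inside an extracted vmware-tools-distrib
# folder.  Prints its path and returns 0 when found; returns 1 otherwise so
# the caller never passes a non-existent file to perl.
find_tools_installer() {
    dir="$1"
    installer="$dir/vmware-install.pl"   # assumed installer file name
    if [ -d "$dir" ] && [ -f "$installer" ]; then
        echo "$installer"
        return 0
    fi
    echo "no VMware Tools installer found under '$dir'" >&2
    return 1
}

# Slide 18: execute the installer as root, accepting default answers.
# -d is assumed to be the installer's "use defaults" flag; check
# 'perl vmware-install.pl --help' if it is rejected.
install_vmware_tools() {
    dir="${1:-$TOOLS_DIR_DEFAULT}"
    installer=$(find_tools_installer "$dir") || return 1
    run_as_root perl "$installer" -d
}

# Full sequence: updates first, then VMware Tools.  The reboot the slide asks
# for afterwards is left to the user.
sift_post_install() {
    update_system && install_vmware_tools "$@"
}

# The real sequence only runs when explicitly requested, so sourcing this
# file has no side effects.  Usage:  SIFT_POST_INSTALL=1 sh sift_post_install.sh
if [ "${SIFT_POST_INSTALL:-0}" = "1" ]; then
    sift_post_install "$@"
fi
```

Run it once with DRY_RUN=1 first to see exactly which commands will be executed with sudo; the extracted folder can be deleted afterwards, as the slide says.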

  19. Installing VMware Tools (5)

  20. Setting Up Shared Folders
     • Shared Folders allows you to share a specific folder between your host machine and VM
     • Setup instructions can be found here:
       • These instructions were written for a different VM, but the directions are essentially the same
       • You will still delete any “Shared Folders” if there were any already created
     • In your VM the link on the Desktop to your Shared Folders is called “VMWare-Shared-Drive”

  21. That’s it!
     • You can now use your VM for anything you want
     • I recommend checking out the cheat sheets and tutorials which are provided by SANS
     • They can be found at:
       • The website you downloaded your VM from
       • Some of them are on your VM Desktop

  22. Screenshot