-
On a relatively fresh download of SIFT3, ran update-sift and it started generating errors. Everything from mantaray down failed to install. Any package I tried to apt-get after that failed to install.…
-
For 16.04 and the next version of the build script, we are going to use saltstack; it gives more programmatic control over installing the various packages, scripts, and patches that we need.
-
* work in progress for CI config travis or kitchen.
https://github.com/juju4/sift-saltstack/tree/devel
https://travis-ci.org/juju4/sift-saltstack
- travis
As a note, travis easily stalls in my exp…
juju4 updated
7 years ago
-
- [x] - bulk-extractor (source: https://github.com/simsong/bulk_extractor)
- [x] - liblightgrep
- [x] - passivedns
- [x] - plaso (waiting for the plaso team to release 16.04 packages)
- [x] - vol…
-
There are a few additions to your list you might appreciate:
Devon Ackerman's Definitive DFIR Compendium Project
https://docs.google.com/spreadsheets/d/1JY-iyw-LEuPCkBAdjorMJhmhGRusN95eLmejWcky7XU/ed…
-
As written in this article:
https://dfir.it/blog/2016/12/07/webshells-rise-of-the-defenders-part-4/
When scanning a directory with PMF, the output has a double slash because yara concatenates it …
-
Using vshadowmount included via SANS's SIFT workstation I get a segfault when attempting to access a volume shadow copy. vshadowmount works, and I can even losetup the resulting vss1, etc. files, but …
-
I attempted to update my VM using sudo update-sift. I have attached the output. I reviewed some other issues related to updating sift - they are similar, but my error seems to involve a laundry list…
-
The DShield block list is no longer working as of today (03/30/2017). Specifically, these URLs both fail:
https://www.dshield.org/block.txt
http://feeds.dshield.org/block.txt
Please double chec…
-
I think Go is an ideal language for DFIR, convenient enough to build small tools and scripts (see [blackfist/deez_factors](https://github.com/blackfist/deez_factors) or [SummitRoute/osxlockdown](http…