ekristen / cast

Cast is an installer for any compatible Saltstack based distribution like SIFT or REMnux
https://ekristen.github.io/cast/
MIT License

Issue with running the SIFTWorkstation after installing the cast #80

Open wzd21 opened 5 months ago

wzd21 commented 5 months ago

Hi! I need your help, please. I am a student in the first module of DigitalForensicsInvestigation. I am trying to install the SIFT Workstation through WSL following the guide from the SANS website (https://www.sans.org/tools/sift-workstation/):

  1. Install Windows Subsystem for Linux (WSL) according to Microsoft’s latest guidance, currently located at https://docs.microsoft.com/en-us/windows/wsl/install-win10. The SIFT distribution can be installed on either WSL version 1 or version 2. Choose Ubuntu 22.04 during the WSL installation process.

  2. Launch the Ubuntu Bash Shell and elevate to root (sudo su) to avoid permissions issues during the installation process.

  3. Install the Latest Cast Binary from its release page

  4. Run 'sudo cast install --mode=server teamdfir/sift-saltstack' to install the latest version of SIFT in WSL

  5. Congrats -- you now have a SIFT Workstation in Windows!

After I did all the steps and installed cast v.0.14.0, the terminal notification was:

```
...
INFO[0777] statistics component=installer failed=0 success=571 total=571
INFO[0777] salt-call completed successfully component=installer
b32opgh@DESKTOP-2C242CJ: /mnt/c/Users/White/Desktop/CASTSIFT/cast-0.14.10 $ cast --version
cast version v0.14.0
...
```

So the installation is successful. I have a question: how do I run the SIFT Workstation after that? Maybe it sounds foolish, but I am a beginner in Linux, Ubuntu, GitHub, coding, etc., so it is a little bit complicated for me. When I try to run the SIFTWorkstation with commands such as "sansforensics" or "siftworkstation", the message from the terminal is "command not found". When I try to run "sift" or "sift version", the terminal response is "Command 'sift' not found, but can be installed with: sudo apt install python3-guiqwt", and when I run this "apt install", it installs another SIFT ("Sift v0.2.8: Signal and Image Filtering Tool"), not SIFTWorkstation from SANS.

P.S. It is also strange to me that the cast version appears to be v.0.14.0, although before running "sudo cast install --mode=server teamdfir/sift-saltstack" I downloaded all the files from v.0.14.10 via this link https://github.com/ekristen/cast/releases/tag/v0.14.10 and cosigned them with this command:

```
cosign verify-blob --key https://github.com/ekristen/cast/releases/download/v0.14.10/cosign.pub --signature https://github.com/ekristen/cast/releases/download/v0.14.10/cast_v0.14.10_linux_amd64.tar.gz.sig \
  https://github.com/ekristen/cast/releases/download/v0.14.10/cast_v0.14.10_linux_amd64.tar.gz --insecure-ignore-tlog
```

I would be very happy to hear from anyone who can help me with this issue. Thank you a lot!

digitalsleuth commented 5 months ago

Hi @wzd21, once SIFT is installed, all you have to do is run the WSL Linux environment, and all of the tools are available within. There is no specific "command" to run SIFT, as SIFT is a collection of digital forensics tools. Simply run the command for the tool you wish to use.