Closed shailu75 closed 6 years ago
Hello, thank you for your issue. Sorry to hear you are having problems.
Unfortunately, given the output you've provided, there are a few things wrong.
/usr/local/bin/sift should be a binary, and based on your output it's a directory. It also looks like you are trying to install on a 16.04 server installation, which will fail unless you use mode=packages-only.
As per the suggestion I have tried, but it gives the below message. I have gone through this link https://github.com/sans-dfir/sift-cli but am still getting the error.
root@ip-192-168-1-8:/usr/local/bin/sift# sudo sift install
sudo: unable to resolve host ip-192-168-1-8
sudo: sift: command not found
root@ip-192-168-1-8:/usr/local/bin/sift#
Thanks,
I have run the below command but the issue is the same. Please help me to install SIFT on Ubuntu Server 16.04 LTS (HVM), SSD Volume Type - ami-a4dc46db on AWS Cloud.
root@ip-192-168-1-8:/usr/local/bin/sift# sift install -mode=packages-only
No command 'sift' found, did you mean:
 Command 'gift' from package 'gnuift' (universe)
 Command 'lift' from package 'lift' (universe)
 Command 'swift' from package 'python-swiftclient' (main)
 Command 'swift' from package 'python3-swiftclient' (universe)
sift: command not found
Thanks,
Unfortunately you still haven't followed the installation instructions properly. /usr/local/bin/sift is supposed to be a binary, not a directory; your path shows it is a directory.
Please list every command you run in order.
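The check described in the reply above (/usr/local/bin/sift has to be an executable file, not a directory), written out as an added shell example. It is not part of the original thread or of sift-cli; the function name check_cli_path and its result words are made up for illustration.

```shell
#!/usr/bin/env bash
# Added example: diagnose why a CLI installed at a fixed path reports
# "command not found". check_cli_path prints one diagnosis word and
# returns 0 only when the path is a regular, executable file whose
# directory is listed in $PATH.

check_cli_path() {
    target=$1
    dir=$(dirname -- "$target")

    if [ ! -e "$target" ]; then
        echo "missing"
        return 1
    fi
    if [ -d "$target" ]; then
        # The case in this thread: a directory sits where the binary belongs,
        # so the shell never finds an executable named after it.
        echo "directory"
        return 1
    fi
    if [ ! -f "$target" ]; then
        echo "not-regular-file"
        return 1
    fi
    if [ ! -x "$target" ]; then
        echo "not-executable"
        return 1
    fi
    # The file is fine; make sure the shell would actually look in its directory.
    case ":$PATH:" in
        *":$dir:"*) ;;
        *)
            echo "dir-not-on-path"
            return 1
            ;;
    esac
    echo "ok"
}

# Optional stand-alone use: pass the path to check as the first argument,
# e.g. the /usr/local/bin/sift path discussed in this thread.
if [ "$#" -gt 0 ]; then
    check_cli_path "$1"
fi
```

A result of "directory" matches the shell prompt shown in the earlier comments, where the working directory is /usr/local/bin/sift itself.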
Thanks, I have read the installation instructions for SIFT properly and now I am able to install SIFT on Ubuntu, but at the end of the installation I got the error which is highlighted in bold below...
Kindly let me know whether the SIFT tools are installed properly or some tools are missing.
root@ip-192-168-1-8:/usr/local/bin# sift install
sift-cli@1.6.1-master.bde3e23 sift-version: notinstalled
Installing and configuring SaltStack properly ...
downloading v2018.22.0
downloading sift-saltstack-v2018.22.0.tar.gz.asc
downloading sift-saltstack-v2018.22.0.tar.gz.sha256
downloading sift-saltstack-v2018.22.0.tar.gz.sha256.asc
downloading sift-saltstack-v2018.22.0.tar.gz
validating file sift-saltstack-v2018.22.0.tar.gz
validating signature for sift-saltstack-v2018.22.0.tar.gz.sha256
extracting update sift-saltstack-v2018.22.0.tar.gz
performing update v2018.22.0
Log file: /var/cache/sift/cli/v2018.22.0/saltstack.log
>> Completed with Failures -- Success: 528, Failure: 11
root@ip-192-168-1-8:/usr/local/bin#
You have to use --mode=packages-only because you are installing on a server.
On Jun 5, 2018, at 21:04, shailu75 notifications@github.com wrote:
Thanks, I have read the installation of sift properly and now I am able to install SIFT in Ubuntu, but at the end of the installation I got the error which is highlighted in bold below...
Kindly let me know whether the sift tools installed properly or are missing some tools.
/mnt/shadow_mount/vss12 (Took: 0.745 ms) Completed: /mnt/shadow_mount/vss13 (Took: 0.754 ms) Completed: /mnt/shadow_mount/vss14 (Took: 0.741 ms) Completed: /mnt/shadow_mount/vss15 (Took: 0.755 ms) Completed: /mnt/shadow_mount/vss16 (Took: 0.739 ms) Completed: /mnt/shadow_mount/vss17 (Took: 0.738 ms) Completed: /mnt/shadow_mount/vss18 (Took: 0.747 ms) Completed: /mnt/shadow_mount/vss19 (Took: 0.74 ms) Completed: /mnt/shadow_mount/vss20 (Took: 0.735 ms) Completed: /mnt/shadow_mount/vss21 (Took: 0.737 ms) Completed: /mnt/shadow_mount/vss22 (Took: 0.799 ms) Completed: /mnt/shadow_mount/vss23 (Took: 0.742 ms) Completed: /mnt/shadow_mount/vss24 (Took: 0.748 ms) Completed: /mnt/shadow_mount/vss25 (Took: 0.736 ms) Completed: /mnt/shadow_mount/vss26 (Took: 0.734 ms) Completed: /mnt/shadow_mount/vss27 (Took: 0.75 ms) Completed: /mnt/shadow_mount/vss28 (Took: 0.738 ms) Completed: /mnt/shadow_mount/vss29 (Took: 0.737 ms) Completed: /mnt/shadow_mount/vss30 (Took: 0.746 ms) Completed: salt-minion (Took: 3415.18 ms) Completed: /etc/samba/smb.conf (Took: 12.899 ms) Completed: smbd (Took: 889.701 ms) Completed: smbd (Took: 1783.618 ms) Completed: nmbd (Took: 886.783 ms) Completed: nmbd (Took: 1781.263 ms) Completed: /etc/foremost.conf (Took: 4.676 ms) Completed: /usr/local/etc/foremost.conf (Took: 2.292 ms) Completed: sift-config-tools (Took: 0.328 ms)
Completed with Failures -- Success: 528, Failure: 11
root@ip-192-168-1-8:/usr/local/bin#
Thanks, brother, for your help... Please can you guide me to some more open source tool names for forensics related to network & web apps?
Thanks,
Hi Ekristen, I am new to using the SIFT tool. Can you please help me out with any documents or videos to get knowledge of the SIFT tool (SANS)?
Thanks,
Hi, I am not able to install the sift-cli-linux on Ubuntu Server 16.04 LTS (HVM), SSD Volume Type - ami-a4dc46db on AWS Cloud.
I have gone through the link below but am getting the error. https://github.com/sans-dfir/sift-cli#installation
I am getting the error mentioned below.
root@ip-192-168-1-8:/usr/local/bin/sift# sift install
No command 'sift' found, did you mean:
 Command 'gift' from package 'gnuift' (universe)
 Command 'lift' from package 'lift' (universe)
 Command 'swift' from package 'python-swiftclient' (main)
 Command 'swift' from package 'python3-swiftclient' (universe)
sift: command not found
root@ip-192-168-1-8:/usr/local/bin/sift#
Please help me with how I can install it without any error.
Thanks,