teamdfir / sift

SIFT
MIT License

Some tools not installed #83

Closed Joshua-Bornman closed 8 years ago

Joshua-Bornman commented 8 years ago

I followed the instructions on http://digital-forensics.sans.org/community/downloads to manually install the workstation and went through with the whole process. However when I wanted to login to sansforensics the option wasn't there, only the option to log in to my previous account which I made to be able to do this...

The installation worked however, as a few of the tools were installed, including Maltego and Wireshark, but a large number of tools were not installed, such as FTK imager

I think I did something wrong in the installation but I can't figure out where I might have gone wrong, please help

ekristen commented 8 years ago

Hi Josh.

The manual installation does not create the sansforensics user; it uses whatever user you are logged on as when you run the script.

What version of linux are you using? We only support Ubuntu 14.04 right now.

There should be a sift-install.log in your home directory, please use https://gist.github.com to upload it and provide the link here.

Joshua-Bornman commented 8 years ago

Hi Erik

Thanks for the reply

I am using 14.04 LTS at the moment. Not sure if the LTS would make a difference.

Below is the link to my sift-install log:

https://gist.github.com/Joshua-Bornman/c30e52f08183434a28e6

Kind regards Josh


ekristen commented 8 years ago

FTK is not something that gets installed to my knowledge.

Are there any other tools you think are missing?

The install log looks good, I don't see any problems with it.

Joshua-Bornman commented 8 years ago

I might be mistaken. In the second SIFT tutorial video on YouTube the guy mentioned that he uses FTK command line, and not the actual program. I kind of stopped listening when I heard him say FTK as I knew it wasn't on the system.

Log2timeline, autopsy and sleuthkit I don't see on the system if I search for them. Are they also command lines?

Also where would I go to see which ones are command lines and how I could use them?


ekristen commented 8 years ago

FTK is not included in SIFT v3.

log2timeline, autopsy, and sleuthkit are all available.

Typing autopsy from the command line will launch it.

Same with log2timeline; however, in the latest version log2timeline has been deprecated in favor of its successor, plaso.
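A quick way to answer the "which ones are command-line tools and are they installed?" question from this thread is to ask the shell directly. The script below is an added example, not part of the SIFT project or this issue; the tool names it checks (autopsy, log2timeline, plaso's log2timeline.py/psort.py front-ends, and the Sleuth Kit's fls/mmls) and the log path ~/sift-install.log are taken from or assumed for this thread.

```shell
#!/bin/sh
# Added example (not SIFT project code): report which forensic tools
# from this thread are on PATH, and show the tail of the manual
# installer's log so missing tools can be tied back to an install step.

# Assumed tool names: autopsy and log2timeline from the thread; plaso's
# command-line front-ends log2timeline.py and psort.py; Sleuth Kit fls/mmls.
SIFT_TOOLS="autopsy log2timeline log2timeline.py psort.py fls mmls"

# check_tools NAME... -> prints one "found"/"missing" line per name and
# returns the number of missing tools (0 means everything is present).
check_tools() {
    missing=0
    for t in "$@"; do
        if command -v "$t" >/dev/null 2>&1; then
            printf 'found   %s -> %s\n' "$t" "$(command -v "$t")"
        else
            printf 'missing %s\n' "$t"
            missing=$((missing + 1))
        fi
    done
    return "$missing"
}

# missing_tools NAME... -> prints only the missing names, space-separated,
# always returning 0 so it is safe to call under "set -e".
missing_tools() {
    out=""
    for t in "$@"; do
        command -v "$t" >/dev/null 2>&1 || out="$out $t"
    done
    printf '%s\n' "${out# }"
}

# show_install_log [FILE] -> prints the last 20 lines of the SIFT install
# log (default: ~/sift-install.log, the path named in this thread).
show_install_log() {
    log="${1:-$HOME/sift-install.log}"
    if [ -r "$log" ]; then
        printf '== tail of %s ==\n' "$log"
        tail -n 20 "$log"
    else
        printf 'no readable install log at %s\n' "$log"
    fi
}

# Run the report when executed directly (not when sourced for testing).
case "$0" in
    *check_sift_tools*|*sh) : ;;
esac
if [ "${SIFT_CHECK_RUN:-1}" = "1" ] && [ -z "${SIFT_CHECK_SOURCED:-}" ]; then
    # shellcheck disable=SC2086
    check_tools $SIFT_TOOLS || printf '%s tool(s) missing\n' "$?"
    show_install_log
fi
```

Run it as `sh check_sift_tools.sh` on the workstation; anything reported as missing and not mentioned in the install log tail is a good thing to paste into the issue alongside the gist link.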

Joshua-Bornman commented 8 years ago

OK that's perfect, then I understand FTK doesn't come with SIFT, but do you know of a way to install it on Ubuntu, because as far as I can see it only works on Linux...


ekristen commented 8 years ago

Ubuntu is Linux.

AFAIK FTK is only downloadable as an ISO image.

Joshua-Bornman commented 8 years ago

I understand that but the guy had it in his tutorial video...

The video link is: www.youtube.com/watch?v=0tZjN-OjMdc&index=2&list=PL60DFAE759FCDF36A

Thanks again for the help


ekristen commented 8 years ago

That is a very old version of SIFT. Unfortunately in SIFT v3 and forward FTK is not supported by the install scripts. You might be able to install it, however I do not know how.

Joshua-Bornman commented 8 years ago

OK perfect. I was just hoping it would be able to work somehow.

Thanks for the assistance again


ekristen commented 8 years ago

It could work, it is just not part of the install process, nor do I know how to get it installed.