Skip to main content

RITx: CYBER502x Computer Forensics

ComputerAct

Linux Virtual Workstation

The optional activities in Units 2 and 3 take place in a Linux system environment using SANS SIFT Workstation, a collection of forensic tools.

Windows and Linux Users

Download VMware Workstation Player

Windows and Linux users can download VMware Workstation Player, a free desktop application that lets you run a virtual machine on a Windows or Linux PC.

VMware Workstation Player download

Follow the instructions at the website to install VMware Workstation Player.

Download SANS SIFT Workstation

You have to create an account in order to download the free SANS SIFT Workstation. 

SANS SIFT Workstation download

Extract the SIFT Workstation .zip file.

Create your SIFT virtual machine
  1. Start the VMware Workstation Player, and use Open a Virtual Machine to open the SIFT virtual machine. 
  2. Navigate to the SIFT Workstation folder and open SIFT3xxx.ovf.
  3. Import the SIFT Virtual machine to your desired location.
  4. When you start SANS SIFT Workstation you will be prompted for a username and password:
  • Default username: sansforensics
  • Default password: forensics

You can now begin the activities.

MAC Users

Download VirtualBox

VMware Workstation Player does not support Macintosh. Macintosh users can download VirtualBox to run SANS SIFT workstation.

VirtualBox download

Follow the instructions at the website to install the VirtualBox.

Download SANS SIFT Workstation

Download SANS SIFT Workstation. You have to create an account to download the free software as a .zip file.

SANS SIFT Workstation download

Extract the .zip file.

Open and configure VirtualBox
  1. Open VirtualBox from “Applications” or from “Search” (The magnifying glass present at the top right side of desktop)
  2. When prompted for Name and Operating System:
  • Name: enter SANS_SIFT
  • Type: select Linux
  • Version: select Ubuntu (64-bit)
  1. When prompted for Memory Size, at least 2GB (2048) is needed for optimum performance. 4GB (4096) is recommended. Slide the slider to increase the memory and press Continue.
  2. When prompted for Hard disk, select Use an existing virtual hard disk file.
  3. Select the SANS appliance SIFT3_-_Distro_Version-disk1.vmdk from the drop-down menu, then press Create.
  4. VirtualBox will automatically create the virtual machine. Press Start.
    Virtual box window
  5. Press Enter. Sometimes /cases drive will not be automatically mounted and the boot process will halt. You can click S to skip it. It can be ignored
  6. SIFT Workstation will open. You will be prompted for a username and password:
  • Default username: sansforensics
  • Default password: forensics

You can now begin the activities.

If you want to make the virtual machine full-screen:
  1. Install the Virtualbox guest utils by entering the command sudo apt-get install virtualbox-guest-utils.
  2. When asked if you want to continue, enter y.
  3. Reboot your SIFT virtual system.

You should now have significantly better screen with higher resolution.