How to set up the SANS SIFT Workstation on Hyper-V?

SANS SIFT:

SANS SIFT (SANS Investigative Forensics Toolkit) is an open-source, Linux-based toolkit used to perform disk forensic analysis. It includes popular tools such as Autopsy, Plaso, dd, Wireshark, etc.

This article walks through the installation of SIFT on Hyper-V. Go to Google and search for "sans sift".

After landing on the SANS SIFT page, click "Download virtual appliance (.ova file)". Remember that a SANS account is needed to download SANS resources. The second option is to install all the SANS tools onto an Ubuntu machine.

Select the .ova file and download it.

An .ova file is an Open Virtualization Format file, an open standard for packaging virtual machine images. After downloading, navigate to the .ova file, rename it with a ".zip" extension, and extract it.

Inside the extracted folder there are 3 files. VirtualBox can import the .ova file directly, but Hyper-V needs a .vhd file as the virtual hard drive. To convert the .vmdk to .vhd, run the following command from the cmd/terminal:

    vboxmanage clonehd --format vhd <source file>.vmdk <destination file>.vhd

Here we use the VirtualBox CLI tool "VBoxManage" to create a .vhd file from the given .vmdk file.

Now we can import the .vhd file directly into the Hyper-V server.
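Before converting the disk, the downloaded .ova can be checked against its own manifest. The Python code below is an added example, not part of the original article: it opens the .ova as the tar archive it is and compares each file with the digest listed in the .mf manifest. It assumes the appliance ships a manifest with SHA1 or SHA256 lines; build_sample_ova and the sift.* file names used with it are constructed test inputs.

```python
import hashlib
import io
import re
import tarfile

# Manifest lines look like "SHA256(disk.vmdk)= <hex>"; some exporters add spaces.
MF_LINE = re.compile(r"^(SHA1|SHA256)\s*\((.+)\)\s*=\s*([0-9a-fA-F]+)\s*$")


def verify_ova(fileobj):
    """Return {member_name: True/False} for every file listed in the OVA manifest.

    fileobj is a binary file object, e.g. open("<file>.ova", "rb"). Raises
    ValueError if the archive has no .mf manifest or the manifest lists a
    file that is not in the archive.
    """
    with tarfile.open(fileobj=fileobj, mode="r:") as tar:
        names = tar.getnames()
        mf_name = next((n for n in names if n.lower().endswith(".mf")), None)
        if mf_name is None:
            raise ValueError("no .mf manifest in archive; nothing to verify against")
        manifest = tar.extractfile(mf_name).read().decode("utf-8", "replace")
        results = {}
        for line in manifest.splitlines():
            m = MF_LINE.match(line.strip())
            if not m:
                continue
            algo, name, expected = m.group(1).lower(), m.group(2), m.group(3).lower()
            if name not in names:
                raise ValueError(f"manifest lists {name!r} but archive lacks it")
            digest = hashlib.new(algo)
            member = tar.extractfile(name)
            # Hash in chunks: the .vmdk in a real appliance is several GB.
            for chunk in iter(lambda: member.read(1 << 20), b""):
                digest.update(chunk)
            results[name] = digest.hexdigest() == expected
        return results


def build_sample_ova(files):
    """Constructed test input: pack {name: bytes} into an in-memory tar."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    buf.seek(0)
    return buf
```

Because the manifest travels inside the same archive, a match only shows the files are intact and consistent with each other; it does not prove where the appliance came from.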

Last update: June 3, 2020