How to set up the SANS SIFT Workstation on Hyper-V?
SANS SIFT (SANS Investigative Forensics Toolkit) is an open-source, Linux-based toolkit used to perform disk forensic analysis. It includes popular tools such as Autopsy, Plaso, dd and Wireshark.
This article walks through the installation of SIFT on Hyper-V. Go to Google and search for "sans sift".
After landing on the SANS SIFT page, click on Download virtual appliance (.ova file). Remember that a SANS account is needed to download SANS resources. The second option is to install all the SANS tools on an Ubuntu machine.
Select the .ova file and download it.
An .ova file is an Open Virtualization Format file, an open standard for packaging virtual machine images into a single archive. After downloading, navigate to the .ova file, rename it with a ".zip" extension and extract it.
Inside the extracted folder we have 3 files. VirtualBox can import the .ova file directly, but Hyper-V needs a .vhd file as the virtual hard drive.
To convert the .vmdk to a .vhd, run the following command from cmd or a terminal:
vboxmanage clonehd --format vhd <source file>.vmdk <destination file>.vhd
Here we are using the VirtualBox CLI tool "VBoxManage" to create a .vhd file from the given .vmdk file.
Now we can directly import the .vhd file into the Hyper-V server.
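An .ova is a tar archive that normally carries a manifest (.mf) of digests for its files, so the download can be checked before its disk is converted and booted as a forensic workstation. The Python below is an added example, not part of the original article or the SIFT project; it assumes the archive contains an OVF manifest with SHA1, SHA256 or SHA512 lines, and the sample archive and its file names are constructed.

```python
import hashlib
import io
import re
import tarfile

# Manifest line such as "SHA256(disk1.vmdk)= <hex>"; a space before "(" is tolerated.
MF_LINE = re.compile(r"^(SHA1|SHA256|SHA512)\s*\((.+)\)\s*=\s*([0-9a-fA-F]+)$")

def verify_ova(fileobj):
    """Return {file name: "ok" | "mismatch" | "missing"} for every manifest entry."""
    expected, actual = {}, {}
    with tarfile.open(fileobj=fileobj, mode="r:") as tar:  # an .ova is a plain tar
        members = [m for m in tar.getmembers() if m.isfile()]
        for m in (m for m in members if m.name.lower().endswith(".mf")):
            for line in tar.extractfile(m).read().decode("utf-8").splitlines():
                hit = MF_LINE.match(line.strip())
                if hit:
                    expected[hit.group(2)] = (hit.group(1).lower(), hit.group(3).lower())
        if not expected:
            raise ValueError("archive has no manifest entries to check against")
        for m in (m for m in members if m.name in expected):
            digest = hashlib.new(expected[m.name][0])
            stream = tar.extractfile(m)
            for chunk in iter(lambda: stream.read(1 << 20), b""):  # hash in 1 MiB pieces
                digest.update(chunk)
            actual[m.name] = digest.hexdigest()
    return {name: "missing" if name not in actual
            else "ok" if actual[name] == want else "mismatch"
            for name, (_, want) in expected.items()}

def build_sample_ova(tamper=False):
    """Constructed in-memory stand-in for a downloaded appliance (not real SIFT data)."""
    files = {"sample.ovf": b"<Envelope/>", "sample-disk1.vmdk": b"KDMV" + b"\0" * 64}
    mf = "".join(f"SHA256({n})= {hashlib.sha256(d).hexdigest()}\n" for n, d in files.items())
    if tamper:
        files["sample-disk1.vmdk"] += b"X"  # disk altered after the manifest was written
    files["sample.mf"] = mf.encode()
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    buf.seek(0)
    return buf

if __name__ == "__main__":
    print(verify_ova(build_sample_ova()))             # both entries "ok"
    print(verify_ova(build_sample_ova(tamper=True)))  # disk entry "mismatch"
```

For a real download, pass the opened file instead of the sample, for example `verify_ova(open(path, "rb"))`, and convert the .vmdk only when every entry reports "ok". The manifest detects corruption or a mismatched disk inside the archive; it does not replace comparing the .ova itself against a hash published by the download source.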