Memory Analysis with SIFT 3.0
Having had a decent malware found running in memory of a Windows server, I thought it's a prefect sutuiation to document some forensic works.
First of all, I've installed a new debian 64bit client instance using VirtualBox.
Once the server is up and running, issue below command to initiate the SANS SIFT install...
wget --quiet -O - https://raw.github.com/sans-dfir/sift-bootstrap/master/bootstrap.sh | sudo bash -s -- -i -s -y
* INFO: Welcome to the SIFT Bootstrap
* INFO: This script will now proceed to configure your system.
* INFO: You supplied the -y option, this script will not exit for any reason
* INFO: OS: Ubuntu
* INFO: Arch: 64
* INFO: Version: 14.04
* INFO: Updating your APT Repositories ...
* INFO: Installing Python Software Properies ...
* INFO: Enabling Universal Repository ...
* INFO: Enabling Elastic Repository ...
* INFO: Adding Ubuntu Tweak Repository
* INFO: Adding SIFT Repository: stable
* INFO: Updating Repository Package List ...
* INFO: Upgrading all packages to latest version ...
.
.
.
[be patient until install completes...]
The install had some errors:
* ERROR: Install Failure: mantaray (Error Code: 100)
* ERROR: Install Failure: regripper (Error Code: 100)
* ERROR: Install Failure: wine (Error Code: 100)
* ERROR: Install Failure: python-plaso (Error Code: 100)
And I had to add the programs manually, also to see why thei were not installed in the first place.
apt-get install python-plaso wine regripper mantary