How To Install SANS SIFT Workstation On VirtualBox Easily

by Sunny Hoi

What Is SANS SIFT (SANS Investigative Forensic Toolkit)?

The SANS SIFT Workstation aka the SANS Investigative Forensic Toolkit is a computer forensics Virtual Machine appliance for VirtualBox and VMware.

The computer forensics VM by SANS Institute is preloaded with several useful tools for digital forensic professionals which permits them to carry out comprehensive digital forensic examinations easily.

The toolkit is well suited with various formats such as the expert witness format, raw evidence formats, and advanced forensic format.

The toolkit not only works with VMWare Player and Workstation, but also with VirtualBox easily. There is no need to install guest additions to the VM.

This guide will show you how to install SANS SIFT Workstation on VirtualBox easily.

1. The first step is to download and install VirtualBox from the official site.

Ensure that you have the latest version of VirtualBox before proceeding.

2. Download the SIFT Workstation OVA file from the official SANS download page.

To download the OVA file, you must have a SANS account. If you do not, create a free one.

Wait until the SIFT-Workstation OVA file finishes downloading.

3. Import SIFT Workstation Virtual Machine Appliance.

Open the downloaded SIFT Workstation OVA file from the VirtualBox user interface via File > Import Appliance.

Feel free to change the name of the Virtual Machine, the number of cores utilized, or the amount of RAM used.

4. Launch the SANS SIFT Workstation Virtual Machine From VirtualBox.

To start SIFT, double click on the newly imported VM in VirtualBox.

The default account credentials for the SIFT Virtual Machine is:

Login: sansforensics

Password: forensics

Installing Guest Additions into the VM is not necessary.

We can fully use the SIFT computer forensics VM appliance without any issues.

We can make the screen size larger or go into full screen.

5. Create A Snapshot (Backup).

It’s a good idea to create a snapshot of the computer forensics VM appliance which would allow you to restore to the original VM if you experience technical issues or just want start off fresh again. This is great because you don’t have to go through the steps of importing the OVA files and altering the VM’s parameters again (VM name, cores utilized, amount of memory, etc.)

To create a snapshot for the virtual machine, go back to VirtualBox and select your VM. Click on “Take.” Give your backup a name. Select “Ok.” Wait until the backup is successfully created.

When the backup is created, we will see it in VirtualBox.

Creating a snapshot will save the SANS computer forensics virtual machine appliance’s current state which permits you to revert back whenever you would like.

Conclusion

This tutorial has illustrated how to install SANS SIFT Workstation on VirtualBox easily.

Therefore, we can see how digital forensic professionals can begin to take advantage of the essential tools in SANS SIFT for their investigations.

Related Posts