This guide walks through how to install SANS SIFT on Windows.
Prerequisites
1.) Install Windows Updates.
- You must be running Windows 10 version 2004 and higher (Build 19041 and higher) or Windows 11.
2.) Install Windows Subsystem for Linux (WSL)
- You can now install everything you need to run Windows Subsystem for Linux (WSL) by entering this command in an administrator PowerShell or Windows Command Prompt and then restarting your machine.
WSL --install
Installing Ubuntu on WSL
3.) Install Ubuntu from Microsoft Store.
- At the time of this article, Ubuntu 20.04 LTS is the latest version supported by SANS SIFT.
4.) Install Ubuntu updates
sudo apt-get update && sudo apt-get upgrade -y
Installing SANS SIFT on WSL
5.) Download the latest release from https://github.com/sans-dfir/sift-cli/releases/latest
At the time of this article the latest release was 1.13.1.
wget https://github.com/teamdfir/sift-cli/releases/download/v1.13.1/sift-cli-linux
wget https://github.com/teamdfir/sift-cli/releases/download/v1.13.1/sift-cli-linux.sig
wget https://github.com/teamdfir/sift-cli/releases/download/v1.13.1/sift-cli.pub
6.) Install Homebrew
/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
7.) Install Cosign
brew install cosign
8.) Verify Signatures
cosign verify-blob --key sift-cli.pub --signature sift-cli-linux.sig sift-cli-linux
9.) Move files
sudo mv sift-cli-linux /usr/local/bin/sift
10.) Set Permissions
chmod 755 /usr/local/bin/sift
11.) Install SIFT in Server Mode
sift install --mode=server
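Steps 8 to 10 can be combined so that the binary is only installed when the signature check passes. The function below is an added example, not part of the original guide or the SIFT project; the names install_verified, verify_blob, SIFT_VERIFY and SUDO are assumptions made for this sketch, and it expects the three files from step 5 in the current directory.

```shell
#!/usr/bin/env bash
# Added example: fail-closed version of steps 8-10.

# verify_blob KEY SIG BLOB: exit status 0 only when the signature is valid.
# SIFT_VERIFY is a hypothetical override used to exercise the gate without cosign;
# by default the cosign command from step 8 is run unchanged.
verify_blob() {
    if [ -n "${SIFT_VERIFY:-}" ]; then
        "$SIFT_VERIFY" "$1" "$2" "$3"
    else
        cosign verify-blob --key "$1" --signature "$2" "$3"
    fi
}

# install_verified BLOB SIG KEY DEST
# Returns 0 on install, 1 on a failed signature check, 2 on missing input.
install_verified() {
    blob=$1; sig=$2; key=$3; dest=$4
    for f in "$blob" "$sig" "$key"; do
        [ -s "$f" ] || { echo "missing or empty: $f" >&2; return 2; }
    done
    # Verify and install the same private copy, so the file that was
    # checked is exactly the file that ends up at DEST.
    tmp=$(mktemp) || return 2
    cp -- "$blob" "$tmp" || { rm -f -- "$tmp"; return 2; }
    if ! verify_blob "$key" "$sig" "$tmp" >/dev/null 2>&1; then
        rm -f -- "$tmp"
        echo "signature verification FAILED; $dest left untouched" >&2
        return 1
    fi
    # SUDO is empty by default; set SUDO=sudo when DEST is under /usr/local/bin.
    ${SUDO:-} install -m 755 -- "$tmp" "$dest"
    rc=$?
    rm -f -- "$tmp"
    return $rc
}
```

Once cosign is installed (step 7), calling `SUDO=sudo install_verified sift-cli-linux sift-cli-linux.sig sift-cli.pub /usr/local/bin/sift` takes the place of steps 8 to 10.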