Installing SANS SIFT on Windows

by Joshua Jacobs

This guide walks through how to install SANS SIFT on Windows.

Prerequisites

1.) Install Windows Updates. 

  • You must be running Windows 10 version 2004 and higher (Build 19041 and higher) or Windows 11.

2.) Install Windows Subsystem for Linux (WSL)

  • You can now install everything you need to run Windows Subsystem for Linux (WSL) by entering this command in an administrator PowerShell or Windows Command Prompt and then restarting your machine.
WSL --install

Installing Ubuntu on WSL

3.) Install Ubuntu from Microsoft Store. 

  • At the time of this article, Ubuntu 20.04 LTS is the latest version supported by SANS SIFT.

4.) Install Ubuntu updates

sudo apt-get update && sudo apt-get upgrade -y

Installing SANS SIFT on WSL

5.) Download the latest release from https://github.com/sans-dfir/sift-cli/releases/latest

  • At the time of this article, the latest release was 1.13.1.
wget https://github.com/teamdfir/sift-cli/releases/download/v1.13.1/sift-cli-linux
wget https://github.com/teamdfir/sift-cli/releases/download/v1.13.1/sift-cli-linux.sig
wget https://github.com/teamdfir/sift-cli/releases/download/v1.13.1/sift-cli.pub
6.) Install Homebrew
/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
7.) Install Cosign
brew install cosign
8.) Verify Signatures
cosign verify-blob --key sift-cli.pub --signature sift-cli-linux.sig sift-cli-linux
9.) Move files
sudo mv sift-cli-linux /usr/local/bin/sift
10.) Set Permissions
chmod 755 /usr/local/bin/sift
11.) Install SIFT in Server Mode
sift install --mode=server
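
Steps 8 to 10 above can be combined into one shell function so that the binary is copied into place only when `cosign verify-blob` succeeds. This is an added example, not part of the original guide or the sift-cli project; the function name `install_verified`, the `COSIGN` variable and the optional pinned-hash argument are assumptions of the example.

```shell
# Added example: install sift-cli only if the cosign signature check passes.
# COSIGN lets the caller point at a specific cosign binary (assumption of this example).
COSIGN="${COSIGN:-cosign}"

# install_verified <binary> <signature> <pubkey> <destination> [pinned-key-sha256]
# Returns 0 on install, 1 on bad signature, 2 on missing input, 3 on key mismatch.
install_verified() {
    local bin="$1" sig="$2" key="$3" dest="$4" pin="${5:-}"
    local f actual

    # All three downloads must exist and be non-empty
    # (an interrupted wget can leave a 0-byte file behind).
    for f in "$bin" "$sig" "$key"; do
        [ -s "$f" ] || { echo "missing or empty: $f" >&2; return 2; }
    done

    # Optional: compare the public key with a SHA-256 recorded out of band,
    # because sift-cli.pub comes from the same release page as the binary.
    if [ -n "$pin" ]; then
        actual="$(sha256sum "$key" | cut -d' ' -f1)"
        if [ "$actual" != "$pin" ]; then
            echo "public key does not match pinned hash" >&2
            return 3
        fi
    fi

    # Same command as step 8; a non-zero exit status stops the install.
    if ! "$COSIGN" verify-blob --key "$key" --signature "$sig" "$bin"; then
        echo "signature verification failed; not installing $bin" >&2
        return 1
    fi

    # Steps 9 and 10 in one call: copy into place with mode 755.
    install -m 755 "$bin" "$dest"
}
```

Call it from a root shell as `install_verified sift-cli-linux sift-cli-linux.sig sift-cli.pub /usr/local/bin/sift`, then continue with step 11.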
