Skip to content
This repository has been archived by the owner on Dec 13, 2024. It is now read-only.

Latest commit

 

History

History
executable file
·
295 lines (231 loc) · 14.2 KB

README.md

File metadata and controls

executable file
·
295 lines (231 loc) · 14.2 KB

Developed by Thales Group CERT.


Forensic Analysis Software Toolbox - FAST

For investigation purpose, you can automatically install forensic software in your virtual machine. FAST works well on hosts too, but this approach is not recommended in case of of malware processing.

Tested on

  • Windows 10 (system 64x) version 20H2
  • Ubuntu 20.04.3 LTS (64-bit)

Goals

  • The script install DFIR pieces of software without almost no user interaction
  • Update and remove easily already installed software
  • Running on Windows and Linux based systems

Why FAST?

  • To ease software installation
  • To help people in countries with slow internet connection
  • To avoid downloading Virtual Machine with large amout of data

Prerequisites

You can install forensic software in your own computer, but it's highly recommended to install it into a Virtual Machine.

Installation of software in Virtual Machine

  • VMWare Workstation Pro / Virtual Box / Other Virtual Machine Software Programs
  • ISO Ubuntu 20 / ISO Windows 10

General Setup

  • Once your Virtual Machine is running, make sure to do all the updates, otherwise the program might not work properly
  • Turn off standby and hibernation to avoid stopping software installation
  • If required, download FTKImager separately (https://www.exterro.com/ftk-imager) and drop the installer in "Softwares > FtkImager" folder
  • Disable the antivirus if you are installing Nirsoft software as it could trigger alerts and remove binaries considered as hacktools

WINDOWS 10

Setup for installation

1. DOWNLOAD PYTHON

Go to Microsoft Store and download Python 3

2. Open FAST directory
  • Go to Setup folder and execute windows.bat script
  • Click Yes button to give the script administrator rights, it will install Winget and Tkinter
3. User interaction might be required during Winget installation:
  • You will see Winget installation processing

  • If Winget is already installed, you won't have to do anything

  • Otherwise, you have to click on Update button that appears, then close that window

How to use the programm on Windows 10

  • Click on Launch_Windows.bat to run the program and let the application to run as administrator

1. Check the software that you want to install or update
2. Choose your mode (Install / Update / Remove)
3. (Optional) If you want to install or update a software using wsl, you need to put the password of your Ubuntu Windows Subsystem
  • For the first installation, it creates a user in the ubuntu subsystem
  • Add your WSL password on the input if you are installing or updating a software using WSL
Default WSL username and password
- Username: user
- Password: root

Make sure to change the password after installation

4. Click on submit
5. Check the detail of the process


UBUNTU 20.04.3

Setup for installation

1. Go to the FAST directory with command prompt

cd 'to the related directory'

2. Give the right to the setup file to be launched, then launch it to install python3 and tkinter
cd Setup
chmod 764 ubuntu.sh
./ubuntu.sh

The file ubuntu.sh is only used to setup FAST and to install dependancies.

3. Enter your password to install Python3 and Tkinter

How to use the program on Ubuntu 20.04.3

Launch the program from the command prompt

python3 FAST.py
1. Check the software that you want to install or update
2. Choose your mode (Install / Update / Remove)
3. Enter your password in order to let the app to be a super admin
4. Click on submit
5. Check the detail of the process


Tree

├── README.md
├── FAST.py
├── Classes.py
├── Json.py
├── Launch_Windows.bat
├── Setup
│   ├── ubuntu.sh
│   ├── windows.bat
│   └── build_md.py
├── Documentation
│   ├── CheatSheet SANS
│   │   ├── cheatsheet.pdf
│   │   └── ...
│   ├── Ressources
│   │   ├── ressources.png
│   │   └── ...
│   ├── Troubleshooting
│   │   ├── troubleshooting.png
│   │   └── ...
│   └── Software
│       ├── Autopsy.md
│       ├── Cyberchef.md
│       ├── ...
│       ├── Ubuntu.md
│       └── Windows.md
├── Tutorial
│   ├── Setup_ubuntu.mp4
│   ├── Tutorial.mkv
│   └── ...
└── Softwares
    ├── Example.json
    ├── Autopsy
    │   ├── installAutopsy.sh
    │   ├── installAutopsy.bat
    │   ├── updateAutopsy.bat
    │   ├── removeAutopsy.bat
    │   └── Autopsy.json
    ├── CyberChef
    │   ├── Cyberchef.py
    │   ├── requirements.txt
    │   └── Cyberchef.json
    ├── FTKImager
    │   ├── FTKImager.exe (Download the executable in https://www.exterro.com/ftk-imager)
    │   ├── installFtkImager.bat
    │   └── FtkImager.json
    └── ...

LICENSE

The FAST code is released under the Massachusetts Institute of Technology (MIT) license. See LICENSE for details.

EMBEDDED SOFTWARE

This section lists the software components and libraries that are distributed by FAST.

You can find a specific documentation related to each software you can install in Documentation > Software.

  • Ubuntu.md : a summary of all the software that can be install in ubuntu operating system
  • Windows.md : a summary of all the software that can be install in windows operating system
Autopsy
Cyberchef
FreeHexEditor (Freeware)
FtkImager
Remnux
Sift
Wireshark
WSL

EMBEDDED RESOURCES

This section lists other resources, such as cheatsheets that are used by FAST.

SANS Cheatsheets