
Lab 0: Lab Setup (Pre-Class)

Objectives
• Install required software for FOR518: Mac and iOS Forensic Analysis and Incident Response

Class Preparation

This process should take approximately 1 hour, including download time. Xcode is very large and will take a
long time to download; depending on your connection, this process could take longer.

You may use your host system or a virtual machine; however, this setup has not been fully tested in a VM. If
you choose to go this route, please be aware that not all tools may work as intended.

***NOTE: It is very important that steps 1–5 are followed in order to ensure proper software installation.***

You may download the files from their respective websites listed below, or you may download an archive of these
files here: http://for518.com/tools (excludes tools that are too large or that need to be downloaded online).
If you are in class, the Tools directory on your thumb drive will provide these tools. Please use the application
"The Unarchiver" to extract the 7zip files (included on the thumb drive).

Gatekeeper Settings:
• Some installer files are from “Unidentified Developers” or “Not from the App Store.”

• Users may allow these files to be installed by Control+clicking the installer file and choosing “Open.” A
window will pop up; select “Open.”

© 2021 Sarah Edwards FOR518 Lab 0 - 1


Another option is to click “Open Anyway” each time you get the “Unidentified Developer” or “Not from the App
Store” error.

1. Xcode and Xcode Command Line Tools


• If you have not already done so, register for an Apple Developer Account. It requires an Apple ID; if you
do not have one, you may register for one at the same page:
https://developer.apple.com/register/
• Determine your OS version by going to Apple Menu | About This Mac; you will need to
download Xcode and Command Line Tools specific for this OS version. This chart may help
determine this:
https://en.wikipedia.org/wiki/Xcode#Version_comparison_table



1. Please download the latest Xcode available for your operating system from the App Store or
https://developer.apple.com/downloads/
i. You may have to click “More Downloads” to access older versions.

2. Please also download the latest Command Line Tools (for your version of the OS) from
https://developer.apple.com/downloads/
i. You may have to click “More Downloads” to access older versions.

3. Install Xcode (Note: This will take a while; grab some coffee.)
i. If installing via App Store, installation will be done for you.
ii. If installing via DMG file, open the DMG file and drag the application to the
/Applications directory.

4. Install Command Line Tools


i. Open the DMG file, double-click the package installer and follow the default prompts.

2. macFUSE
1. Download macFUSE from https://osxfuse.github.io
2. Open the DMG file, double-click the package installer, and follow the default prompts.

3. xmount 64-bit Package


1. Download xmount-0.7.6.pkg (or newer) from http://www.pinguin.lu/
a. Click the XMOUNT link on the right side under “Projects.”
b. Download the package labeled “Mac OS X 64bit package.”
2. Open the DMG file, double-click the package installer, and follow the default prompts.
a. If you get the error “OS X Fuse Not Installed Error” please run the “mkdir” command in
the box below and then re-run the xmount package installer. (Make sure you type out
“osxfusefs.fs” in each case when using tab completion.)

$ mkdir -p /Library/Filesystems/osxfusefs.fs/Support/osxfusefs.kext

4. The Sleuth Kit


1. Download sleuthkit-4.#.#.tar.gz from
https://www.sleuthkit.org/sleuthkit/download.php.
2. Locate and open the Terminal.app from /Applications/Utilities/.
3. Use the cd command to open the default Downloads directory.
4. Use the tar command to unpack the sleuthkit-4.#.#.tar.gz file.
5. Once unpacked, cd into the sleuthkit-4.#.# directory that was created.
6. Configure and install sleuthkit using the commands:
a. ./configure --disable-java
b. make
c. sudo make install
7. Verify the install by running mmls -i list, which prints the image formats The Sleuth Kit can read.

$ cd ~/Downloads

$ tar -xvf sleuthkit-4.#.#.tar.gz

$ cd sleuthkit-4.#.#

$ ./configure --disable-java

$ make

$ sudo make install

$ mmls -i list

5. SQLite Database Browser


1. Download the latest version of SQLite Database Browser from
http://sqlitebrowser.org/.
2. Open the DMG file and drag the SQLite Database Browser application to the /Applications
directory.

6. Hex Editors
• You may choose your favorite; these are recommended:
i. Hex Fiend
1. Download from http://ridiculousfish.com/hexfiend/.
2. Unzip and move the application to the /Applications directory.
ii. 0xED
1. Download from http://www.suavetech.com/0xed/.
2. Open the BZip2 archive by double clicking, then move the application to the
/Applications directory.

7. The Unarchiver
1. Download The Unarchiver from the Mac App Store or from
http://unarchiver.c3.cx/unarchiver, under the “Other Links” heading.
2. Double-click to unzip.
3. Drag the Unarchiver.app file to the /Applications directory.

8. Homebrew
1. Download the Mac package manager Homebrew from https://brew.sh/.
2. This web page will contain a script that you need to copy and paste into your Terminal window.

9. Volatility
1. Change directory back to your home directory using the ‘cd’ command.
2. Download and install Volatility using Homebrew.
3. Use the brew install command to do this.
1. brew install volatility

$ cd ~



$ brew install volatility

10. John the Ripper


1. Change the directory back to your home directory using the "cd" command.
2. Download and install John the Ripper using Homebrew.
3. Use the brew install command to do this.
1. brew install john-jumbo

$ cd ~

$ brew install john-jumbo
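A post-setup check, added here as an example and not part of the lab text: it walks the tool list from steps 1 to 10 and reports anything the Terminal cannot find, so a missing install is caught before class rather than during a lab. The command names, the macFUSE path /Library/Filesystems/macfuse.fs and the .app bundle names are assumptions about how each tool installs.

```sh
#!/bin/sh
# check_lab0.sh: verify the FOR518 Lab 0 tools after finishing steps 1-10.
# Added example, not part of the lab text. Assumed: the command names of
# each tool (mmls/fls from The Sleuth Kit, xmount, brew, volatility, john),
# the macFUSE path /Library/Filesystems/macfuse.fs and the .app bundle names.

# have_cmd NAME: exit 0 if NAME resolves on $PATH (how Terminal will find it).
have_cmd() { command -v "$1" >/dev/null 2>&1; }

# have_app NAME: exit 0 if /Applications/NAME.app exists (drag-and-drop tools).
have_app() { [ -d "/Applications/$1.app" ]; }

# missing_cmds NAME...: print each name that is NOT on $PATH, one per line.
missing_cmds() {
    for c in "$@"; do
        have_cmd "$c" || printf '%s\n' "$c"
    done
}

# count_missing NAME...: print how many of the names are NOT on $PATH.
count_missing() { missing_cmds "$@" | wc -l | tr -d ' '; }

# status LABEL RESULT: print one table row; RESULT 0 means the check passed.
status() {
    if [ "$2" -eq 0 ]; then printf 'OK       %s\n' "$1"; else printf 'MISSING  %s\n' "$1"; fi
}

# check_lab0: run all checks, print the table, return 1 if anything is missing.
check_lab0() {
    rc=0
    # Step 1: xcode-select -p fails when no Command Line Tools are selected.
    xcode-select -p >/dev/null 2>&1; r=$?; status "Xcode Command Line Tools" $r; [ $r -eq 0 ] || rc=1
    # Step 2: macFUSE (newer bundle name) or the older OSXFUSE bundle the lab text mentions.
    { [ -d /Library/Filesystems/macfuse.fs ] || [ -d /Library/Filesystems/osxfusefs.fs ]; }; r=$?
    status "macFUSE" $r; [ $r -eq 0 ] || rc=1
    # Steps 3, 4, 8, 9, 10: command-line tools that must be on $PATH.
    for c in xmount mmls fls brew volatility john; do
        have_cmd "$c"; r=$?; status "$c" $r; [ $r -eq 0 ] || rc=1
    done
    # Steps 5, 6, 7: GUI tools copied into /Applications (bundle names assumed).
    for a in "DB Browser for SQLite" "Hex Fiend" "0xED" "The Unarchiver"; do
        have_app "$a"; r=$?; status "$a.app" $r; [ $r -eq 0 ] || rc=1
    done
    return $rc
}

# Print the table only when executed as a script: sh check_lab0.sh
case "$0" in *check_lab0.sh) check_lab0 ;; esac
```

Any row marked MISSING points back to the numbered step that installs that tool; a MISSING brew row also explains why the Volatility and John the Ripper rows fail.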

