Skip to content

thalesgroup-cert/FAST

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

6 Commits
Documentation
Documentation
 
 
Setup
Setup
 
 
Softwares
Softwares
 
 
Tutorial
Tutorial
 
 
Classes.py
Classes.py
 
 
FAST.py
FAST.py
 
 
Json.py
Json.py
 
 
LICENSE
LICENSE
 
 
Launch_Windows.bat
Launch_Windows.bat
 
 
README.md
README.md
 
 

Repository files navigation

Developed by Thales Group CERT.

Forensic Analysis Software Toolbox - FAST

For investigation purpose, you can automatically install forensic software in your virtual machine. FAST works well on hosts too, but this approach is not recommended in case of of malware processing.

Tested on

  • Windows 10 (system 64x) version 20H2
  • Ubuntu 20.04.3 LTS (64-bit)

Goals

  • The script install DFIR pieces of software without almost no user interaction
  • Update and remove easily already installed software
  • Running on Windows and Linux based systems

Why FAST?

  • To ease software installation
  • To help people in countries with slow internet connection
  • To avoid downloading Virtual Machine with large amout of data

Prerequisites

You can install forensic software in your own computer, but it's highly recommended to install it into a Virtual Machine.

Installation of software in Virtual Machine

  • VMWare Workstation Pro / Virtual Box / Other Virtual Machine Software Programs
  • ISO Ubuntu 20 / ISO Windows 10

General Setup

  • Once your Virtual Machine is running, make sure to do all the updates, otherwise the program might not work properly
  • Turn off standby and hibernation to avoid stopping software installation
  • If required, download FTKImager separately (https://www.exterro.com/ftk-imager) and drop the installer in "Softwares > FtkImager" folder
  • Disable the antivirus if you are installing Nirsoft software as it could trigger alerts and remove binaries considered as hacktools

WINDOWS 10

Setup for installation

1. DOWNLOAD PYTHON

Go to Microsoft Store and download Python 3

2. Open FAST directory
  • Go to Setup folder and execute windows.bat script
  • Click Yes button to give the script administrator rights, it will install Winget and Tkinter
3. User interaction might be required during Winget installation:

  • You will see Winget installation processing

  • If Winget is already installed, you won't have to do anything

  • Otherwise, you have to click on Update button that appears, then close that window

How to use the programm on Windows 10

  • Click on Launch_Windows.bat to run the program and let the application to run as administrator

1. Check the software that you want to install or update
2. Choose your mode (Install / Update / Remove)
3. (Optional) If you want to install or update a software using wsl, you need to put the password of your Ubuntu Windows Subsystem
  • For the first installation, it creates a user in the ubuntu subsystem
  • Add your WSL password on the input if you are installing or updating a software using WSL
Default WSL username and password
- Username: user
- Password: root

Make sure to change the password after installation

4. Click on submit
5. Check the detail of the process

UBUNTU 20.04.3

Setup for installation

1. Go to the FAST directory with command prompt

cd 'to the related directory'

2. Give the right to the setup file to be launched, then launch it to install python3 and tkinter
cd Setup
chmod 764 ubuntu.sh
./ubuntu.sh

The file ubuntu.sh is only used to setup FAST and to install dependancies.

3. Enter your password to install Python3 and Tkinter

How to use the program on Ubuntu 20.04.3

Launch the program from the command prompt

python3 FAST.py
1. Check the software that you want to install or update
2. Choose your mode (Install / Update / Remove)
3. Enter your password in order to let the app to be a super admin
4. Click on submit
5. Check the detail of the process

Tree

├── README.md
├── FAST.py
├── Classes.py
├── Json.py
├── Launch_Windows.bat
├── Setup
│   ├── ubuntu.sh
│   ├── windows.bat
│   └── build_md.py
├── Documentation
│   ├── CheatSheet SANS
│   │   ├── cheatsheet.pdf
│   │   └── ...
│   ├── Ressources
│   │   ├── ressources.png
│   │   └── ...
│   ├── Troubleshooting
│   │   ├── troubleshooting.png
│   │   └── ...
│   └── Software
│       ├── Autopsy.md
│       ├── Cyberchef.md
│       ├── ...
│       ├── Ubuntu.md
│       └── Windows.md
├── Tutorial
│   ├── Setup_ubuntu.mp4
│   ├── Tutorial.mkv
│   └── ...
└── Softwares
    ├── Example.json
    ├── Autopsy
    │   ├── installAutopsy.sh
    │   ├── installAutopsy.bat
    │   ├── updateAutopsy.bat
    │   ├── removeAutopsy.bat
    │   └── Autopsy.json
    ├── CyberChef
    │   ├── Cyberchef.py
    │   ├── requirements.txt
    │   └── Cyberchef.json
    ├── FTKImager
    │   ├── FTKImager.exe (Download the executable in https://www.exterro.com/ftk-imager)
    │   ├── installFtkImager.bat
    │   └── FtkImager.json
    └── ...

LICENSE

The FAST code is released under the Massachusetts Institute of Technology (MIT) license. See LICENSE for details.

EMBEDDED SOFTWARE

This section lists the software components and libraries that are distributed by FAST.

You can find a specific documentation related to each software you can install in Documentation > Software.

  • Ubuntu.md : a summary of all the software that can be install in ubuntu operating system
  • Windows.md : a summary of all the software that can be install in windows operating system
Autopsy
Cyberchef
FreeHexEditor (Freeware)
FtkImager
Remnux
Sift
Wireshark
WSL

EMBEDDED RESOURCES

This section lists other resources, such as cheatsheets that are used by FAST.

SANS Cheatsheets

About

FAST - Forensic Analysis Software Toolbox

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

4 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases 1

v1.0.0 Latest
Oct 26, 2023

Packages

No packages published

Contributors 2

  •  
  •  

Languages