After breaking my SANS Linux SIFT environment today while doing a Forensic CTF from picoCTF (not their fault, it was mine by trying to upgrade Sleuth Kit), I decided to rebuild.
I use the SIFT VM for a lot of forensic work as there are tools that are preinstalled, and I like the familiar environment from when I’ve done SANS courses.
I downloaded and installed Ubuntu 24.04 into my VM, keeping defaults of 20 GB HDD and 4 GB RAM. During the install, though, I chose not to deploy graphics drivers. I figured why bother?
After booting the machine, I kept getting stuck after logging in. I rebooted a few times, watched for HDD activity and it would fail. I even tried disabling Hyper-V from the command line using DISM:
dism.exe /Online /Disable-Feature:Microsoft-Hyper-V-All
Rebooted, same deal.
As the install was fresh, and I remembered I hadn’t installed graphics drivers (and being around when the Nvidia drivers were causing major dramas on Linux back in 1999/2000 IIRC), I thought this would be a goer.
I shut the machine down, went into the VM Settings then Display, and unticked “Accelerate 3D graphics”.
I rebooted, logged in and the problem was solved. No more lockups, and I can continue with my Linux SIFT build 🙂 Happy Friday.
PS The link on the SIFT Workstation build (https://www.sans.org/tools/sift-workstation/) from SANS takes you to the main release page, which is now 24.04. This is incompatible with the SIFT Build.
Per their instructions you will need 22.04 which you can get here:
https://releases.ubuntu.com/jammy
PPS Are you interested in Digital Forensics? Listen to TLP – Traffic Light Protocol the Digital Forensics Podcast: (Also on Apple Podcasts!)
https://open.spotify.com/episode/55WlDzfGV6o9TgHv8KUjhv?si=a27ef41d53d64598