This README describes the virtual machine image for ADIA, the Appliance for Digital Investigation and Analysis. These virtual machines are based on CentOS 7.
This version of ADIA supports both VMware and Virtual Box. This version supports the x86_64 (64 bit) host computer system architecture.
You should routinely update ADIA to keep it current with packages released by Red Hat and packages released by CERT.
ADIA has been tested and works on VMware Workstation 14 under Windows 10 Education. We expect that it will work in other configurations but they remain untested. When the virtual machine was packaged for distribution, it was converted to work with VMware Workstation 5 and later.
To install ADIA under VMware, do the following:
Finish button to continue.
Installing ADIA under VMware requires about 8Gb of disk space.
ADIA has been tested and works on Virtual Box 5.2.2 under Windows 10 Education. We expect that it will work in other configurations but they remain untested. Note that you will need to also have the Virtual Box Extension Pack installed to run ADIA.
To install ADIA under Virtual Box, do the following:
Machine->Settings...->Shared Folders to make this change.
Installing ADIA under Virtual Box requires about 8Gb of disk space.
ADIA assumes that it is connected to a network that provides configuration information through DHCP. Whether that connection is NATed or bridged is a configuration choice, but as long as DHCP service is provided, the appliance will use it to configure its network connection. You can reconfigure ADIA to use a static address through the Network Manager icon on the desktop. See http://projects.gnome.org/NetworkManager/ for more information.
This appliance also assumes that it is directly connected to the Internet without a proxy server. If that does not match the configuration of your network, then you must configure a proxy server as needed.
For example, if you use a browser, you will need to configure your network's proxy server into that browser. If you wish to load or update the packages installed on this appliance, you will need to configure your network's proxy server in /etc/yum.conf. Other applications will also need to be configured to use your network's proxy server, so consult your organization's documentation to determine how to do this.
ADIA is configured to use file systems shared to it by the host. There is an icon on the examiner login desktop named "Shared Folders" that, when double-clicked, starts a file browser that initially contains the names of all of the directories shared to it.
To share folders from the host to this appliance, consult the documentation for your version of VMware or Virtual Box.
By default, ADIA assumes that there is a share named Forensics (typically the folder C:\Forensics) that is shared from the host. Further, if you intend to use the Autopsy tool, create a directory named morgue in this shared folder.
As distributed, this appliance automatically logs into the examiner account when it is booted.
However, should the screen lock or in some other way prompt for the examiner password, it is the string
The password for the root account is also
The MATE window system is used for the examiner login. Other window systems are untested and may produce unexpected results.
It is recommended that you routinely update packages using:
sudo yum update
Note that if you update the kernel for Virtual Box, you will also need to install the Guest Additions and then reboot. See this web page for the procedure to do that: http://www.virtualbox.org/manual/ch04.html.
From time to time, the packages used to build the examiner login account are updated, primarily when new tool documents are distributed. To update the examiner login with these new files, do the following:
sudo manage-examiner-login -S -v
This will update the examiner login and retain any conflicts as described in the manage-examiner-login man page.
The packages for all installed applications reside on a repository located at CERT at http://www.cert.org/forensics/repository.
Automatically mounting file systems such as those on an external USB device is enabled but file systems are mounted read-only by default.
If you need read-write access to an external file system, you will need to remount it using the mount command and a terminal window.
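Before and after remounting, it is worth confirming what state a file system is really in, so that evidence media is never writable by accident. The following check is an added example, not part of the ADIA distribution; the /run/media/examiner/... mount points and the sample mount table are constructed assumptions.

```bash
#!/bin/bash
# Added example: report whether a mount point is mounted ro or rw.
# Usage on the appliance:  mount_mode /path/to/mountpoint < /proc/mounts
# Remount read-write only when intended:
#   sudo mount -o remount,rw /path/to/mountpoint

# Reads a mount table in /proc/mounts format on stdin and prints "ro" or "rw"
# for the given mount point. Returns 1 if the mount point is not listed.
mount_mode() {
    local target="$1" dev mnt fstype opts rest mode=""
    while read -r dev mnt fstype opts rest; do
        # /proc/mounts escapes spaces in paths as \040; decode before comparing.
        mnt=$(printf '%b' "$mnt")
        [ "$mnt" = "$target" ] || continue
        # Match ro/rw as whole option tokens. A plain substring search would
        # misread "errors=remount-ro" on a read-write mount as read-only.
        case ",$opts," in
            *,ro,*) mode=ro ;;
            *,rw,*) mode=rw ;;
        esac
        # No break: if mounts are stacked, the last entry is the visible one.
    done
    [ -n "$mode" ] || return 1
    printf '%s\n' "$mode"
}

# Constructed sample mount table (not captured from a real ADIA system).
SAMPLE_MOUNTS='/dev/sda1 / xfs rw,seclabel,relatime 0 0
/dev/sdb1 /run/media/examiner/EVIDENCE vfat ro,nosuid,nodev,relatime,errors=remount-ro 0 0
/dev/sdc1 /run/media/examiner/WORK\040DISK ext4 rw,nosuid,nodev,errors=remount-ro 0 0'

# Demonstration on the sample table.
for mp in /run/media/examiner/EVIDENCE "/run/media/examiner/WORK DISK"; do
    printf '%s: %s\n' "$mp" "$(printf '%s\n' "$SAMPLE_MOUNTS" | mount_mode "$mp")"
done
```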
For updates and new versions of this appliance, visit http://www.cert.org/forensics/repository/#ADIA.
Send mail to firstname.lastname@example.org with any questions and bug reports that you may have. We will answer questions as we are able.
ADIA CentOS 7