-
Notifications
You must be signed in to change notification settings - Fork 2
/
INSTALL
27 lines (23 loc) · 986 Bytes
/
INSTALL
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
## INSTALL and configuration guide
# Compatibility
Tested on Windows XP SP3 and newer (state: 2020).
# Quick setup
All required binaries are available in dfir-orc-SIT-config/tools/
alternatively, ValidationModule.exe and AFF4Module are bundled in each release
# Build
1. dfir-orc-SIT-patch/README.md to build dfir-orc-SIT framework
2. ValidationModule/INSTALL to build ValidationModule.exe
3. AFF4Module/INSTALL to build AFF4Module.exe
# Default configuration
1. Enter dfir-orc-SIT-config/
2. The following tools need to be available in tools/:
7zr.exe (download at https://www.7-zip.org/download.html 7-Zip 19.00 (2019-02-21) for Windows:
LZMA SDK: (C,C++,C#,Java) in bin/)
DFIR-Orc_x64.exe
DFIR-Orc_x86.exe
ValidationModule.exe
AFF4Module.exe
3. Configure artifact samples to collect in config/ArtifactModule_config.xml
Guide: https://dfir-orc.github.io/configuring_ntfs_opt.html
4. Execute Configure.cmd from the command line
5. SIT.exe should be available in /output