In order to be able to quickly set up and configure a machine to perform forensic tasks, I built an Ansible-based playbook with different roles to provide a basic pre-configured environment of the software packages to start working.
Please note that this is work in progress for my personal needs.
Modify inventory/hosts to match your machines and change the given username.
Then you might edit playbook/playbook.yml to include or exclude certain roles. Take a look into each role's tasks/main.yml file to see which packages it installs.
├── inventory
├── playbook
└── roles
    ├── base
    ├── python
    ├── shell-environment
    ├── docker
    ├── emacs
    ├── disk-forensics
    ├── malware-forensics
    ├── network-forensics
    └── office
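To make the layout above concrete, here is an added example (not the project's own files) of what a minimal inventory, the playbook and one role's task file can look like. The host name, the address, the user name, the package names and the roles_path assumption are all illustrative; the project's real files may differ, and the inventory may well be in INI rather than YAML format.

```yaml
# Added example, not the project's own files. Three files are shown in
# one listing, separated by "---"; the "# --- path ---" comments name them.

# --- inventory/hosts (YAML inventory; the project may use INI instead) ---
all:
  hosts:
    forensic-box:                        # assumed host name
      ansible_host: 192.0.2.10           # RFC 5737 documentation address, assumed
      ansible_user: analyst              # the username to change for your box
  vars:
    ansible_python_interpreter: /usr/bin/python3
---
# --- playbook/playbook.yml ---
# Assumes roles_path points at ../roles (e.g. set in ansible.cfg), since the
# roles directory is a sibling of, not inside, the playbook directory.
- name: Provision a forensic workstation
  hosts: all
  become: true                           # package installation needs root
  roles:
    - base
    - python
    - shell-environment
    - disk-forensics
    # - malware-forensics                # comment out the roles you do not need
    # - network-forensics
    # - office
---
# --- roles/disk-forensics/tasks/main.yml ---
# Package names are assumed for illustration; edit to taste.
- name: Install disk-forensics packages
  ansible.builtin.apt:
    name:
      - sleuthkit
      - ewf-tools
    state: present
    update_cache: true
```

With files like these in place, the provisioning commands in the next section apply unchanged; the role list in playbook.yml is the single place to include or exclude roles, and each role's tasks/main.yml is where the package list lives.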
Make sure to install ansible for python3 on the controller side:
pip3 install ansible
Furthermore, check that the box to configure is reachable via SSH without a password prompt (use ssh-copy-id to transfer your key if it is not).
After modifying the hosts file, run the playbook to provision a box with the following command:
ansible-playbook -i inventory/hosts playbook/playbook.yml --ask-become-pass -vvv
If you do not care about supplying the sudo password in cleartext, or will delete it from your shell history afterwards anyway, use:
ansible-playbook -i inventory/hosts playbook/playbook.yml --extra-vars "ansible_become_pass=super_secret"
Note that a password passed this way is also visible in the process list while the run lasts, so --ask-become-pass is the safer default on a shared machine.