Cincan Digital Forensics - Install on Ubuntu

CinCan is a digital forensics toolkit.

In these short notes, I will install a development version of CinCan.

Installed an Ubuntu 18.04 Linux on VirtualBox. Set 6 GB RAM and 30 GB of hard disk space. Used good password.

Install Dependencies

$ sudo apt-get update
$ sudo apt-get -y install git virtualenv docker.io
$ sudo adduser $(whoami) docker
$ newgrp docker
$ docker run hello-world

Should print docker hello world text.

Install cincan and minion

$ virtualenv -p /usr/bin/python3 --system-site-packages env
$ source env/bin/activate
$ pip3 install git+https://gitlab.com/cincan/minion
$ pip install cincan-command

Test

$ cincan run cincan/volatility

Should pull the tool (takes a while) and print volatility help message. The help messages ends with "...yarascan Scan process...".

If you see the help message, well done, you have installed CinCan forensic toolkit.

Updated: I cleaned up these short notes a bit.