-
Notifications
You must be signed in to change notification settings - Fork 5
Running on SIFT
5-minute setup guide for getting dart-agent running on a SIFT VM.
SANS SIFT Workstation v22.04 is the de-facto open-source DFIR distribution, used by every SANS FOR-class student and most working analysts. It ships with:
- The forensic toolchain Agentic-DART expects (Volatility, Plaso, Eric Zimmerman tools, hindsight)
- Mounted-evidence conventions (
/mnt/case-evidence, read-only by default) - Python 3.10+
The hackathon submission is primarily validated on SIFT v22.04. Other Linux distros work; this is just the most reproducible path.
If you don't have it, download it from https://www.sans.org/tools/sift-workstation/. It is a large VM image; VMware, VirtualBox, and Parallels images all work.
Default user: sansforensics (SIFT) — we'll create / use analyst for Agentic-DART so the prompt matches the documentation:
sudo adduser analyst
sudo usermod -aG sudo analyst
su - analyst(Or just stay as sansforensics. The docs reference analyst@siftworkstation for visual consistency, not as a hard requirement.)
The installer installs into whatever Python environment is active (it never
forces a private venv — activate one first if you want isolation) and also
clones + installs the collector adapter.
On a SANS SIFT Workstation, --full additionally stages the SIFT toolchain
(via cast) and the Eric Zimmerman Tools:
cd ~
git clone https://github.com/Juwon1405/agentic-dart.git
cd agentic-dart
bash scripts/install.sh --full # drop --full for the lightweight installThe installer ends with an API-free health check. You can re-run it anytime:
python3 scripts/healthcheck.pyexport ANTHROPIC_API_KEY='sk-...'# Offline demo — no credentials needed (full loop + audit chain + bypass test)
bash examples/demo-run.sh
# A real evaluation case (needs the auth from Step 3)
python3 run_eval.py --case self-evaluation/case-01Offline-demo output ends with the architectural bypass proof:
[dart-agent] audit chain: chain verified, tail=<sha256-prefix>...
[demo] PASS — "ToolNotFound: 'execute_shell' is not exposed by dart-mcp"
export PYTHONPATH="$PWD/dart_audit/src:$PWD/dart_mcp/src:$PWD/dart_agent/src:$PWD/dart_corr/src"
python3 -m pytest tests/ dart_corr/tests/The incident host gets nothing installed — it runs the Velociraptor
offline collector (one standalone binary, one execution) and produces an
evidence.zip you copy back here. On this analysis server, convert it to an
evidence_root/ and analyse it with run_eval.py --evidence:
# A) from a Velociraptor collection ZIP shipped from the incident host
python3 -m dart_collector_adapter --source zip \
--input evidence.zip --output ./case-001/evidence_root --case-id case-001
# B) or from a forensic disk image (dead-disk, processed here — not on the host)
python3 -m dart_collector_adapter --source image \
--input /path/to/case.E01 --output ./case-001/evidence_root --case-id case-001
# then analyse (real cases want more iterations than the bundled demos)
python3 run_eval.py --evidence ./case-001/evidence_root --case-id case-001 --max-iterations 25The agent never writes to the evidence tree — that guarantee is architectural
(every path goes through _safe_resolve, and there is no write_file /
mount / execute_shell on the MCP wire), so a read-only mount is belt-and-
braces rather than the thing the safety depends on.
Each run writes a timestamped directory:
out/<tier>/<case-id>/<timestamp>/
├── findings.json typed findings (id, confidence, evidence summary)
├── report.json full run report + primary hypothesis
├── summary.json run metadata (model, evidence_root, usage)
└── audit.jsonl SHA-256-chained step-by-step trace
Verify the audit chain:
python3 -m dart_audit verify out/self-evaluation/case-01/<timestamp>/audit.jsonl
# -> chain verified: <entry-count> entries, tail=<sha256-prefix>...| Symptom | Fix |
|---|---|
ImportError: dart_mcp |
export PYTHONPATH="$PWD/dart_audit/src:$PWD/dart_mcp/src:$PWD/dart_agent/src" |
| Slow MFT correlation | SIFT VMs default to 4 GB RAM. Bump to 8 GB for >2M-row MFTs. |
EvidenceRootEscape error |
One of your tool args has a .. or absolute path. Check the call inputs. |
Verify says mismatch
|
Audit log was edited. Re-run; never edit audit.jsonl by hand. |
- Operator guide — distro-agnostic version of this guide
- Architecture deep dive
Agentic-DART — autonomous DFIR agent · architecture-first, not prompt-first · MIT license · github.com/Juwon1405/agentic-dart
- The Memex bet ⭐ Why this design
- About the name
- Architecture-first vs prompt-first
- Architecture deep dive
- Threat model
- Glossary
- dart-mcp — typed surface (native + SIFT adapters)
- dart-agent — senior-analyst loop
- dart-corr — cross-artifact correlation
- dart-audit — SHA-256 chained log
- dart-playbook — senior-analyst sequencing rules (v3 default)
- MCP function catalog (native + SIFT adapters)
- Comparison with adjacent tools
- FAQ
- Operator guide — distro-agnostic
- Running on SIFT
- Live mode
- Accuracy report
-
Roadmap ⭐ Phase 1 ~95% complete
- Phase 1 — Agentic DFIR ⭐ dedicated page · SANS submission
-
Phase 2 — Detection engineering
- The self-learning loop ⭐ design note
- Phase 3 — Agentic SOC
- Phase 4 — Broader agentic security