Overview

This article outlines how to install Cassandra and the KFF (Known File Filter), import the provided NSRL hash set, and configure it to work with our software.


Download

Known File Filter (KFF) Compatible with 5.6 and up

 

Process

Install the KFF

  1. Download and install Java 8u161. 
  2. Mount the KFF ISO and run Autorun.exe.
  3. Click Cassandra 64 bit.
  4. Follow the wizard to complete the Cassandra installation.
    Note: In a multi-box setup, you must check Enable Remote Access checkbox in the Remote Access Settings dialog and enter the machine name in the Enter the IP Address or DNS Name of this machine on the network field. This will be the RPC Address for Cassandra.
  5. Back at the autorun menu, click Install KFF Import Utility 64 bit.
  6. Follow the wizard to complete the KFF Import Utility installation.

 

Import the NSRL Data

  1. Extract the contents of the nsrlsource_2.54.zip found on the root of the ISO.
  2. Launch the KFF Import Utility.
  3. In the Server Address field, enter the RPC Address for Cassandra.
  4. Next to the File to import field, browse to the NSRLFile.txt extracted in step 1.
  5. Click Import.
    Note: The import process can take several hours, but progress can be seen in the progress bar in the lower-left, and it will give you a popup when the import is complete.


Configure FTK/Lab/Enterprise

  1. Log in to FTK/Lab/Enterprise and go to Tools > Preferences.
  2. Click Configure KFF.
  3. In the Server Address field, enter the RPC Address for Cassandra.
  4. Click Test Server to verify FTK/Lab/Enterprise can connect to Cassandra.
  5. Click Save.


Configure FTK Central

  1. Navigate to the Forensic Tools installation folder (typically "<drive>:\Program Files\AccessData\Forensic Tools\<version>\bin").
  2. Open ADG.WeblabSelfHost.exe.config in a text editor.
  3. Modify the KFFServerURL key's value to contain Cassandra's RPC Address, as shown below:
    <add key="KFFServerURL" value="WIN-F4EEK4G22J6:9042" />
  4. Save the changes.
  5. Restart the AccessData Exterro Self Host Service.