VM-EDU is a Packer and Vagrant VM factory for two courses: Digital Forensics and Incident Response (DFIR) & Malware Analysis. This project automates the process of creating and configuring virtual machines for educational purposes.
.
├── README.md
├── packer
│ ├── configs
│ └── scripts
│ └── windows_10_22h2_base.json
└── vagrant
├── dfir
├── malware_analysis
└── scripts
windows_10_22h2_base.json
: Packer template for building the Windows 10 VM.configs
: Contains the Autounattend.xml for unattended installations and a template for customizing the Vagrant environment.scripts
: Scripts for configuring the Windows environment during the Packer build process.
dfir
&malware_analysis
: Directories containing Vagrantfiles for setting up environments specific to DFIR and malware analysis.scripts
: Provisioning scripts used by Vagrant to install and configure tools in the VMs.
- Packer
- Vagrant
- VirtualBox (or any other provider supported by Vagrant and Packer)
- Clone this repository to your local machine.
- Navigate to the
packer
directory and build the base Windows 10 22H2 image with Packer:cd packer packer build windows_10_22h2_base.json
- After the build is complete, navigate to the
vagrant
directory and add the generated box to Vagrant:cd ../vagrant vagrant box add --name windows_10_analyst ../packer/windows_10_analyst_virtualbox.box
- Navigate to either the
dfir
ormalware_analysis
directory and start the Vagrant environment:cd dfir vagrant up
After setting up the Vagrant environment, you can access the VMs via VirtualBox or any other VM provider you've used. The environments come pre-configured with tools and settings suitable for DFIR or malware analysis.
Contributions are welcome! Please fork the repository and submit pull requests with your improvements.
- Thanks to all the open-source tools and their maintainers that made this project possible.
- Much thanks to Flare-VM for the setup of the malware analysis VM.
- Special thanks to Chocolatey for simplifying software installations on Windows.