Pre-install Setup Guide – Windows 7

back

WINDOWS 7 -64 bit only

Forensics Machine Setup + ILooKIX and SQL Server 2008 – 32/64 bit Database engine Pre-Install Setup Guide Version 1.06 06/10/10

Operating Systems Supported :  Virtual Linux – Apple – Windows Computing using Virtualbox – Including the use of “IXvm ‘s ©, created by ILooKIX, running Win 7 64 bit only.

Virtual Computing is supported for Oracle ©VirtualBox, VMware© 6.53 and above in Windows© and VMware Fusion 2.0+ and above in Apple© OS X (Intel).

Physical Machine Computing

  • Microsoft Windows 7 – 64 bit only with 4 GB RAM, Ultimate, Enterprise onlyNote : NO HOME or STARTER versions are supported on any platform

All commands in RED are Mandatory for ILooKIX Installs, without regard to SQL Server installation

No Steps below can be skipped or omitted from consideration

We welcome any suggestions you may have in ensuring a highly successful installation and use of ILooKIX. If you have any problems in the installation points noted here, please email ==> installation@perlustro.com .

Step 1.

Make a system restore point or physical image prior to taking any action relative to this memorandum.  Download from the Internet, the two files in item 9 below.

Step 2.

Completely remove any Anti-virus software on the machine prior to installing SQL Server – regardless of manufacturer. Norton Antivirus: Please try the norton antivirus removal tool. If this fails, you may wish to attempt removal using these notes and others. (Perlustro is not responsible for the content on these pages)

Step 3.

Cold Boot the machine, and do an in-depth examination of the Event logs after restart.  Mass storage device errors will cause any installation to fail, as will DCOM errors due to an outdated bios.

Step 4.

You cannot use ANY compressed file systems for ANY ILooKIX storage locations, boot disk or control points, without exception.

Step 5.

Please login now as an administrator level user requiring a password, but one NOT NAMED “Administrator”.  An account who is able to create user accounts and change system settings. YOU MUST have a password assigned to the account, otherwise, create such a user and log back on.  If in doubt as to your current user security settings, check this information : http://support.microsoft.com/kb/313222

Step 5.a REMOVE the UAC control setting on the machine. You may use either of the following methods to achieve this:

Click for larger image

Click for larger image

Run Control panel (Start -> Control Panel), select “User Accounts” then “Change User Account Control” settings. Move the slider all the way to the bottom, as shown in the thumbnail. You will then need to restart your computer.

Click for larger image

Secpol method

From a command prompt, or the “Run” command, run “secpol.msc”, and change the behavior of the UAC prompt itself by changing this user setting :

User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode” to ==> Elevate without prompting.

You will also need to change the following setting:
User Account Control: Run all administrators in Admin Approval Mode” to ==> Disabled

Step 5.b – This account must also have DEBUG permissions separately assigned from User Security Rights. If you are unsure how to do this use the URL==> Debug Permission guide.

Step 5.c – This account must have FULL CONTROL permissions assigned to the root of the boot disk.  

1 – At the ROOT of the boot drive :

2. – ADD “Authenticated User” to the user account, and give FULL CONTROL, then add the current USER account as well :

3. – CASCADE permissions for the Admin account and Authenticated User or Everyone, and CURRENT USER with full control, through the entire boot drive structure. Additionally, take the same action for your current logged on user name. Note, you must do this ONLY after making the three accounts FULL CONTROL.

Review the URL==> File System Permissions guide for information about changing the permissions of the root folder of the boot drive if you are unsure of the method to use. Some permissions on 64 bit OS’s will fail to attach to some folders as full control is propagated – such as Program Files – but these can be individually skipped.

Step 5.d – Of critical importance : Disable DEP and Enable PAE using the URL==> Disable DEP guide. Check the BIOS of the computer to ensure DEP is disabled completely in hardware as well. If the CPU supports Hyper V technology and it is not enabled,  enable it at this time in order to run VirtualBox and Vmware.

Step 5.e – Disable Windows Defender by following the URL==> Windows Defender guide.

Step 6.

Insure,  that the machine has no mechanical failure points for device connectivity and storage systems . Passmark, a well respected test application software suite of tools, has test software which has been found to greatly assist in the identification of hardware problems that could inhibit a successful installation or use of ILooKIX.

Step 7.

You MUST determine if any version of SQL Server is installed on the computer using the URL==> SQL Server removal guide. If any version is installed,  other than 08, it must now be removed using that guide before you continue the install. The removal MUST presume that there is no network connectivity to the machine if there is an instance already on the machine which must be removed.


Right Click Here, (save as/ save link as) to Download the ILooKIX Test platform executable named jpg, and make certain that you pass each test before continuing.

Rename the file to .7z from .jpg and Un7Zip to your desktop or a temp folder

Step 8.

Download the components in Step 9, then Unplug your network connection and stop your wifi. In addition, disable all NIC’s for the remainder of the process, if not already disabled.

Then execute ===> c:\ipconfig /release

COLD BOOT THE SYSTEM (IF you do not do this, you may inadvertently install Sqlserver onto a network machine)

Step 9.

For 64 Bit Windows 7 ONLY – Install Sqlserver by picking the correct answer  and using this URL for the installation instructions ==>SQL Server Express Installation guide

1.  I have no Version of Sqlserver on this machine and I want to be up and running in 10 minutes without waiting on my Perlustro DVD, what do I install?

Ans :  Get ==>  http://www.microsoft.com/downloads/details.aspx?FamilyID=967225eb-207b-4950-91df-eeb5f35a80ee&displaylang=en Create an Instance name of “ILOOKIX08R2X”

2. I already have Express 2008 non R2, should I remove it first ?

Ans: No, not until you have a new instance installation of R2 2008 server, noted in item 1 or from Perlustro.

3. I already have the Perlustro DVD SQl server2008 NON R2 install, what do I do, take it off or upgrade ?

Ans:  Leave it in place until you receive your new 2008-R2 Perlustro DVD, at that time use the instructions in Item 1 above to install or the ones on the DVD received.  Note  : the ILooKIX files will not be compatible except going forward between DB versions, hence existing control points must continue to use the original version they were created with.

4.  I want to upgrade my NON R2 express version I have now, to the Perlustro full version of NON R2, can I do that now without going to R2 full Perlustro version ?

Ans : Yes if you follow this instruction first :

a.  Install the DVD Svr 08 by copying the full contents to a temp folder and execute setup.exe using the guide in Step 1 above, to complete the install but do NOT reboot.

b.  Before rebooting, download the Sp1 for SQL 08 NON R2, and install it using this download url ==>http://download.microsoft.com/download/1/6/3/163A851B-D956-42E9-B426-F5C0EBE6B654/SQLServer2008SP1-KB968369-x64-ENU.exe

Now that the installation is finished, determine if any version of SQL Server is visible to the machine with the cmd shell commands as follows : [run as Admin]:

C:\sqlcmd –L …………[if any server name + instance name returns, you have SQL Server installed correctly]

If the instance name does not return, and 30 seconds passes with no response then Open an ADMIN Command Prompt window, and type “sqlcmd -S myServer\instanceName”. Replace “myServer\instanceName” with the name of the computer and the instance of SQL Server that you want to connect to (SQLEXPRESS). Press ENTER. The sqlcmd prompt (1>) indicates that you are connected to the specified instance of SQL Server and is a successful response.

Step 11.

Ensure that your video resolution is at least 1024 x 768, 16 bit color. If you do not meet this requirement, you will see this installation error when you attempt to install ILooKIX later. This is particular important if you are in a virtual machine where VirtualBox will not function unless the guest system will hold the above settings.

resolution message failure


Step 12.

Set the Swap file to equal max- min values of 3 x Ram. You will then need to reboot your computer.  Preferably, defrag your machine before setting the swap file in place.  Any machine should be defragged with a minimum 400 meg min/max swap file in place FIRST, regardless of OS.

Step 13.

Using Start>Programs>SqlServer Managment Studio, test the SqlServer install as a final check before installing ILooKIX.  There is just one last test to be certain SQL Server is ready for ILooKIX use, or any other Database use ;  which is to user CONNECT to the SQL Server instance using by using this URL guide ==> Using Management Studio For SQL Server 2008. If you make a connection to Sqlserver you are finished with all required pre-install changes.

ILooKIX will now install without any further system changes. Follow your download instructions to complete that installation or to convert from a Demo to a full version.

Then, commit the Post-ILooKIX changes below.

Within the group of related documents noted here, some issues are merely suggestions based on experience accumulated by examining problems before or after an ILooKIX installation. Many of the points presented here are well understood by experienced forensics practitioners, but some may not be considerations in your particular setup. They are offered only for the value you might find in using them as a checklist of general forensics issues for a machine to run ILooKIX. But, ILooKIX will not run without a functional SQL Server installation, and that is a core constraint on the requirements of the application.

Post-ILooKIX Install Mandatory changes :

STEP 14.  After the installation of ILooKIX, you must enact the requirements for URL==> Post Installation Mandatory Changes,  Starting at Item 3 in win 7 , and continuing, in order to successfully run ILooKIX.

This Mandatory Changes document primarily raises the issues that are encountered on existing hardware / software systems, already in forensics use, and usually more than 1 year old. But, these systems may not be “conditioned” for computer forensics examinations using ILooKIX.

We hope this guide and others noted on the Overview page, will allow a smooth transition to SQL Server Express in a cost free method to determine the viability of your base system for installing ILooKIX.

back