Quick start: from a fresh installation to your first analysis

This section will guide you through getting started with REVEN. By following this guide you will go from a fresh, working installation of REVEN to your first scenario and first analysis.

This guide makes the following assumptions about your environment:

  • You have a working installation of REVEN. If not, please see the Installation section first.
  • Both your machine and the machine on which REVEN is installed (they can be the same machine!) have active Internet access, which is needed to retrieve some resources online. If you are working from an air-gapped network, you will need to retrieve these resources through your standard procedures to be able to follow this guide.

This section will guide you through the following steps:

  1. Import a first Virtual Machine (VM) so we have a guest environment to record. You will:
    1. Download a VM disk image from an Internet resource.
    2. Import this disk image into REVEN.
    3. Configure the guest to make it a good recording environment.
    4. Save a VM live snapshot you can use to record software later on.
  2. Record your first scenario. You will:
    1. Create a new scenario.
    2. Record the execution of a system binary such as hostname.
    3. Replay the scenario.
  3. Start analyzing that scenario. You will:
    1. Open Axion, the analysis GUI, on this scenario.
    2. Follow the built-in analysis tutorial.

Once you have followed all these steps, you will be ready to record your own scenarios using the existing environment, or import VMs of your own.

To start, please head over to the first section: Import a first VM.