asc.dfir.dfir_win10 role – Deploy Windows 10 DFIR analysis virtual machines

Note

This role is part of the asc.dfir collection (version 1.0.0).

It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: git clone git@ssh.dev.azure.com:v3/cloudasc/iac-ansible-collections/dfir $HOME/.ansible/collections/ansible_collections/asc/dfir.

To use it in a playbook, specify: asc.dfir.dfir_win10.

Entry point main – Deploy Windows 10 DFIR analysis virtual machines

Synopsis

  • Deploy Windows 10 DFIR analysis virtual machines

  • One or multiple VMs can be deployed

  • The VMs are configured with multiple common tools for DFIR

Parameters

Parameter (type)
    Comments

dfir_win10 (dictionary)
    ‘dfir_win10’ role configuration

enabled (boolean)
    Whether to enable the ‘dfir_win10’ role
    Choices:
      • false ← (default)
      • true

vm_count (integer)
    Number of VMs to deploy (based on user tags)
    Default: 1

vm_name_prefix (string)
    Prefix for the VM name
    Default: "w10dfir"

vm_size (string)
    Size of the VM to deploy (Azure VM size)
    Default: "Standard_B2ms"

winvm_user (string)
    Username for the VM
    Default: "dfir"
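
A minimal playbook that applies the role, added here as an example and not taken from the collection itself. It assumes that the parameters listed above are keys of the dfir_win10 dictionary and that the play runs on the control node (hosts: localhost); the play name and the vm_count value are constructed for illustration.

```yaml
---
# Example playbook (added illustration, not part of the asc.dfir collection).
# Assumption: enabled, vm_count, vm_name_prefix, vm_size and winvm_user are
# keys of the dfir_win10 dictionary documented above.
- name: Deploy Windows 10 DFIR analysis VMs   # constructed play name
  hosts: localhost                            # assumption: run from the control node
  gather_facts: false
  roles:
    - role: asc.dfir.dfir_win10
      vars:
        dfir_win10:
          # The documented default is false, so the role must be enabled explicitly.
          enabled: true
          # Documented default is 1; 2 is a constructed value to show a multi-VM run.
          vm_count: 2
          # The remaining values are the documented defaults, written out so they
          # are visible and reviewable in version control.
          vm_name_prefix: "w10dfir"
          vm_size: "Standard_B2ms"
          winvm_user: "dfir"
```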

Authors

  • Ignace De Cock

  • Lorenzo Bernardi