Sunday 18 February 2018

Installing SIFT

SANS Investigative Forensics Toolkit (SIFT): https://github.com/sans-dfir

The currently recommended way is to install via the SIFT command-line tool (sift-cli) rather than the older bootstrap method or SaltStack.

The following steps are what I did on my installation of Ubuntu 16.04 (Xenial Xerus):

1) Download the latest release files
Note: grab the latest release files from https://github.com/sans-dfir/sift-cli/releases/latest (version 1.5.1 at the time of writing).
$ wget https://github.com/sans-dfir/sift-cli/releases/download/v1.5.1/sift-cli-linux
$ wget https://github.com/sans-dfir/sift-cli/releases/download/v1.5.1/sift-cli-linux.sha256.asc


2) (Optional) Verify downloaded files
Fetch the signing PGP key, verify the signature on the clearsigned SHA256 file, then check the binary against the checksum it contains (use whichever checksum tool your system provides):
$ gpg --keyserver pgp.mit.edu --recv-keys 22598A94
$ gpg --verify sift-cli-linux.sha256.asc
$ shasum -a 256 -c sift-cli-linux.sha256.asc
or
$ sha256sum -c sift-cli-linux.sha256.asc


3) 'Install' sift-cli
$ sudo mv sift-cli-linux /usr/local/bin/sift
$ chmod 755 /usr/local/bin/sift


4) Use sift-cli to install latest SIFT
$ sudo sift install


Wait for it to finish (it took quite a while on my installation) and you're done!
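The checksum half of step 2 works because `sha256sum -c` simply skips the PGP armor lines in the `.sha256.asc` file and checks the one `<hash>  sift-cli-linux` line it finds. As an added illustration (not code from the sift-cli project), the following script does the same check explicitly, so you can see what the command is actually comparing; the binary bytes and the `.asc` file are constructed stand-ins, and the script does not verify the PGP signature itself, which is what `gpg --verify` is for.

```python
"""Check a download against the checksum line inside a clearsigned
<name>.sha256.asc file (added example, not part of sift-cli).

This only covers the `sha256sum -c` step: without a successful
`gpg --verify` first, the checksum merely proves the file matches a hash
that anyone could have written into the .asc file.
"""
import hashlib
import re

# sha256sum's own line format: "<64 hex>  <file>" (text) or "<64 hex> *<file>" (binary).
CHECKSUM_LINE = re.compile(r"^([0-9a-fA-F]{64}) [ *](\S.*)$")


def parse_clearsigned_checksums(asc_text: str) -> dict:
    """Return {filename: sha256_hex} from a PGP clearsigned sha256 file."""
    lines = asc_text.splitlines()
    try:
        start = lines.index("-----BEGIN PGP SIGNED MESSAGE-----")
        end = lines.index("-----BEGIN PGP SIGNATURE-----")
    except ValueError:
        raise ValueError("not a PGP clearsigned file") from None
    body = lines[start + 1:end]
    if "" in body:                      # drop the "Hash: SHA256" header block
        body = body[body.index("") + 1:]
    sums = {}
    for line in body:
        if line.startswith("- "):       # undo clearsign dash-escaping
            line = line[2:]
        m = CHECKSUM_LINE.match(line)
        if m:                           # non-checksum lines are ignored, as sha256sum does
            sums[m.group(2)] = m.group(1).lower()
    if not sums:
        raise ValueError("no checksum lines found")
    return sums


def verify_download(asc_text: str, filename: str, data: bytes) -> bool:
    """True only if data's SHA-256 equals the entry for filename in asc_text."""
    expected = parse_clearsigned_checksums(asc_text).get(filename)
    return expected is not None and hashlib.sha256(data).hexdigest() == expected


# Constructed stand-ins for the real binary and its .sha256.asc file.
GOOD_BINARY = b"constructed stand-in for the sift-cli-linux binary\n"
SAMPLE_ASC = (
    "-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n"
    f"{hashlib.sha256(GOOD_BINARY).hexdigest()}  sift-cli-linux\n"
    "-----BEGIN PGP SIGNATURE-----\n\n(signature omitted in this constructed sample)\n"
    "-----END PGP SIGNATURE-----\n"
)

if __name__ == "__main__":
    print("intact:", verify_download(SAMPLE_ASC, "sift-cli-linux", GOOD_BINARY))
    print("tampered:", verify_download(SAMPLE_ASC, "sift-cli-linux", GOOD_BINARY + b"x"))
```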

Some other useful commands for keeping your SIFT installation up to date:

Update existing VM:
$ sift update

Upgrade to new release:
$ sift upgrade