It has been some days since SANS released an updated version of SIFT, the SANS Investigative Forensic Toolkit. We spoke about SIFT here.
“The SANS SIFT Workstation is a VMware Appliance that is pre-configured with all the necessary tools to perform a detailed digital forensic examination. It is compatible with Expert Witness Format (E01), Advanced Forensic Format (AFF), and raw (dd) evidence formats. The brand new version has been completely rebuilt on an Ubuntu base with many additional tools and capabilities that can match any modern forensic tool suite.”
This version has the following utilities packed with it:
File system support:
* Windows (MSDOS, FAT, VFAT, NTFS)
* Mac (HFS)
* Solaris (UFS)
* Linux (EXT2/3)
Evidence Image Support:
* Expert Witness (E01)
* RAW (dd)
* Advanced Forensic Format (AFF)
Software Includes:
* The Sleuth Kit (File system Analysis Tools)
* log2timeline (Timeline Generation Tool)
* ssdeep & md5deep (Hashing Tools)
* Foremost/Scalpel (File Carving)
* Wireshark (Network Forensics)
* Vinetto (thumbs.db examination)
* Pasco (IE Web History examination)
* Rifiuti (Recycle Bin examination)
* Volatility Framework (Memory Analysis)
* DFLabs PTK (GUI Front-End for The Sleuth Kit)
* Autopsy (GUI Front-End for The Sleuth Kit)
* PyFLAG (GUI Log/Disk Examination)
Key Directories in SANS SIFT Workstation:
* /forensics
    Location of the files used for the Autopsy Toolset
* /usr/local/src
    Source files for Autopsy, The Sleuth Kit, and other tools
* /usr/local/bin
    Location of the forensic pre-compiled binaries
* /cases
    Location of your collected evidence
* /mnt/hack
    Location of the mount points for the file system images
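To make the directory layout concrete, here is an added example (not part of SIFT or the SANS documentation) of a minimal evidence-intake workflow on the workstation: verify a raw (dd) image in /cases against its acquisition hash, turn the partition start sector reported by mmls into a byte offset, and build the read-only loop mount into /mnt/hack plus the fls body-file command for timeline work. Image paths, sector numbers and hash values are constructed; md5sum is used in place of md5deep so the functions run anywhere, and the mount and fls commands are only echoed so the script needs neither root nor The Sleuth Kit to execute.

```shell
#!/bin/bash
# Added example, not SIFT's own code. Paths follow the SIFT layout above:
# evidence lives in /cases, images are mounted under /mnt/hack.

# Verify a raw (dd) image against the MD5 recorded at acquisition time.
# Returns 0 on match, 1 on mismatch. md5deep's -m matching mode does this
# for a whole tree at once; md5sum is used here because it is always present.
verify_image_hash() {
    image="$1"
    expected="$2"
    actual=$(md5sum "$image" | awk '{print $1}')
    [ "$actual" = "$expected" ]
}

# Convert a partition start sector (as printed by mmls from The Sleuth Kit)
# into the byte offset a loop mount needs. Sector size defaults to 512.
partition_offset_bytes() {
    sector="$1"
    sector_size="${2:-512}"
    echo $((sector * sector_size))
}

# Build the read-only loop mount command for one partition inside the image.
# ro keeps the evidence untouched, noatime avoids access-time writes if the
# mount were ever remounted rw, noexec stops anything on the image from
# running on the analysis box. The command is echoed, not executed.
mount_cmd() {
    image="$1"
    sector="$2"
    mountpoint="${3:-/mnt/hack}"
    offset=$(partition_offset_bytes "$sector")
    echo "mount -o ro,noatime,noexec,loop,offset=$offset \"$image\" \"$mountpoint\""
}

# Build the fls command that writes a body file (input for mactime or
# log2timeline) straight from the image, so no mount is required at all.
body_file_cmd() {
    image="$1"
    sector="$2"
    out="$3"
    echo "fls -r -m / -o $sector \"$image\" > \"$out\""
}

# Usage on a real case (constructed paths and hash; run as root for mount):
#   verify_image_hash /cases/001/disk.dd 9e107d9d372bb6826bd81d3542a419d6 \
#       || echo "HASH MISMATCH: stop and re-acquire"
#   mmls /cases/001/disk.dd                      # note the start sector, e.g. 63
#   eval "$(mount_cmd /cases/001/disk.dd 63)"    # mounts read-only at /mnt/hack
#   eval "$(body_file_cmd /cases/001/disk.dd 63 /cases/001/body.txt)"
```

The hash check comes first on purpose: if the image does not match the acquisition hash there is no point building a timeline from it, and every later step should be run against the image file rather than the mount so the evidence is never opened writable.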
You will need a SANS user account to download SIFT. You can download SIFT version 2 here. Oh yes! You also have a nice SIFT cheatsheet on the download page!
