Sift
From Handwiki | Developer(s) | Rob Lee Harbingers LLC |
|---|---|
| Initial release | December 13, 2008 |
| Repository | github.com/sans-dfir/sift |
| Operating system | Ubuntu |
| Available in | English |
| Type | Computer forensics |
| Website | digital-forensics.sans.org |
SIFT is a computer forensics distribution that installs all necessary tools on Ubuntu to perform a detailed digital forensic and incident response examination. It is compatible with expert witness format (E01), advanced forensic format (AFF), raw (dd), and memory analysis evidence formats.
Use
The toolkit has the ability to securely examine raw disks, multiple file systems, and evidence formats. It places strict guidelines on how evidence is examined (read-only), verifying that the evidence has not changed.
File system support
- Windows (MS-DOS, FAT, VFAT, NTFS)
- Mac (HFS)
- Solaris (UFS)
- Linux (ext2/3)
Evidence image support
- Expert Witness (E01/L01)
- RAW (dd)
- Advanced Forensic Format (AFF)
*Memory Forensics Images
Software[1]
- The Sleuth Kit (file system analysis tools)
- Plaso and log2timeline (timeline generation tools)
- ssdeep & md5deep (hashing tools)
- Foremost/Scalpel (file carving)
- Wireshark (network forensics)
- Volatility Framework (memory analysis)
- Autopsy (GUI front-end for Sleuthkit)
Features
1) Ubuntu LTS 16.04 Base
2) 64-bit base system
3) Auto-DFIR package update and customization.
4) VMware appliance ready to tackle forensics.
5) Cross-compatibility between Windows and Linux.
6) Choice to install stand-alone via (.iso) or use VMware player/Workstation.
References
- ↑ "Investigate and fight cyberattacks with SIFT Workstation". https://www.sans.org/blog/investigate-and-fight-cyberattacks-with-sift-workstation/.
External links
- SANS Digital Forensics and Incident Response website
 |  |
Categories: [Hard disk software] [Computer forensics] [Digital forensics software]
↧ Download as ZWI file | Last modified: 07/17/2024 01:55:51 | 4 views
☰ Source: https://handwiki.org/wiki/Software:SIFT | License: CC BY-SA 3.0
KSF