SIFT

SIFT
Developer(s)	Rob Lee Harbingers LLC
Initial release	December 13, 2008
Repository	github.com/sans-dfir/sift
Operating system	Ubuntu
Available in	English
Type	Computer forensics
Website	digital-forensics.sans.org

SIFT is a computer forensics distribution that installs all necessary tools on Ubuntu to perform a detailed digital forensic and incident response examination. It is compatible with expert witness format (E01), advanced forensic format (AFF), raw (dd), and memory analysis evidence formats.

Use

The toolkit has the ability to securely examine raw disks, multiple file systems, and evidence formats. It places strict guidelines on how evidence is examined (read-only), verifying that the evidence has not changed.

File system support

Windows (MS-DOS, FAT, VFAT, NTFS)
Mac (HFS)
Solaris (UFS)
Linux (ext2/3)

Evidence image support

Expert Witness (E01/L01)
RAW (dd)
Advanced Forensic Format (AFF)

*Memory Forensics Images

Software^[1]

The Sleuth Kit (file system analysis tools)
Plaso and log2timeline (timeline generation tools)
ssdeep & md5deep (hashing tools)
Foremost/Scalpel (file carving)
Wireshark (network forensics)
Volatility Framework (memory analysis)
Autopsy (GUI front-end for Sleuthkit)

Features

1) Ubuntu LTS 16.04 Base

2) 64-bit base system

3) Auto-DFIR package update and customization.

4) VMware appliance ready to tackle forensics.

5) Cross-compatibility between Windows and Linux.

6) Choice to install stand-alone via (.iso) or use VMware player/Workstation.

References

↑ "Investigate and fight cyberattacks with SIFT Workstation". https://www.sans.org/blog/investigate-and-fight-cyberattacks-with-sift-workstation/.

External links

SANS Digital Forensics and Incident Response website

0.00

(0 votes)

Original source: https://en.wikipedia.org/wiki/SIFT (software). Read more

[1] "Investigate and fight cyberattacks with SIFT Workstation". https://www.sans.org/blog/investigate-and-fight-cyberattacks-with-sift-workstation/.

[1]

v t e Digital forensics
Branches	Computer forensics Mobile device forensics Network forensics Database forensics
Hardware	Forensic disk controller
Software	ADF Solutions Digital Evidence Investigator EnCase Foremost FTK Registry Recon PTK Forensics The Sleuth Kit The Coroner's Toolkit COFEE HashKeeper Xplico
Certification	Certified Forensic Computer Examiner (CFCE) Global Information Assurance Certification
Processes	Digital forensic process Data acquisition Digital evidence eDiscovery Anti-computer forensics
Organisations	National Software Reference Library American Society of Digital Forensics & eDiscovery Department of Defense Cyber Crime Center National Hi-Tech Crime Unit (NHTCU) Australian High Tech Crime Centre (AHTCC)
People	Mary Aiken Annie Antón Rebecca Bace Josh Brunty Eoghan Casey Hany Farid Simson Garfinkel Clifford Stoll Erik Laykin Robert Zeidman
Glossary of digital forensics terms

SIFT

Topic: Software

Contents

Use

File system support

Evidence image support

Software^[1]

Features

References

External links

SIFT

Topic: Software

Use

File system support

Evidence image support

Software[1]

Features

References

External links

Software^[1]