SIFT Workstation: SANS Investigative Forensic Toolkit
SIFT Workstation Ranking & Summary
- License: GPL
- Price: FREE
- Publisher Name: The SANS Institute
- Publisher web site: http://www.sans.org/
SIFT Workstation Description
SIFT (SANS Investigative Forensic Toolkit) Workstation is a Linux distribution for forensic tasks.

SIFT Login/Password

After downloading the toolkit, use the credentials below to gain access.
* Login "sansforensics"
* Password "forensics"
* $ sudo su -   (Use to elevate privileges to root while mounting disk images.)

PTK login
* Login "admin"
* Password "forensics"

SIFT Workstation 2.0 Capabilities

Ability to securely examine raw disks, multiple file systems, and evidence formats. Places strict guidelines on how evidence is examined (read-only), verifying that the evidence has not changed.

File system support:
* Windows (MSDOS, FAT, VFAT, NTFS)
* Mac (HFS)
* Solaris (UFS)
* Linux (EXT2/3)

Evidence Image Support:
* Expert Witness (E01)
* RAW (dd)
* Advanced Forensic Format (AFF)

Software Includes:
* The Sleuth Kit (File system Analysis Tools)
* log2timeline (Timeline Generation Tool)
* ssdeep & md5deep (Hashing Tools)
* Foremost/Scalpel (File Carving)
* Wireshark (Network Forensics)
* Vinetto (thumbs.db examination)
* Pasco (IE Web History examination)
* Rifiuti (Recycle Bin examination)
* Volatility Framework (Memory Analysis)
* DFLabs PTK (GUI Front-End for The Sleuth Kit)
* Autopsy (GUI Front-End for The Sleuth Kit)
* PyFlag (GUI Log/Disk Examination)

Key Directories in SANS SIFT Workstation
* /forensics: Location of the files used for the Autopsy Toolset
* /usr/local/src: Source files for Autopsy, The Sleuth Kit, and other tools
* /usr/local/bin: Location of the forensic pre-compiled binaries
* /cases: Location of your collected evidence
* /mnt/hack: Location of the mount points for the file system images