SIFT Workstation

SANS Investigative Forensic Toolkit

SIFT Workstation Ranking & Summary


  • License: GPL
  • Price: FREE
  • Publisher Name: The SANS Institute
  • Publisher web site: http://www.sans.org/

SIFT Workstation Description

SIFT (SANS Investigative Forensic Toolkit) Workstation is a Linux distribution for forensic tasks.

SIFT Login/Password

After downloading the toolkit, use the credentials below to gain access.

  • Login "sansforensics"
  • Password "forensics"
  • $ sudo su -- Use to elevate privileges to root while mounting disk images.

PTK login

  • Login "admin"
  • Password "forensics"

SIFT Workstation 2.0 Capabilities

Ability to securely examine raw disks, multiple file systems, evidence formats. Places strict guidelines on how evidence is examined (read-only) verifying that the evidence has not changed.

File system support:

  • Windows (MSDOS, FAT, VFAT, NTFS)
  • MAC (HFS)
  • Solaris (UFS)
  • Linux (EXT2/3)

Evidence Image Support:

  • Expert Witness (E01)
  • RAW (dd)
  • Advanced Forensic Format (AFF)

Software Includes:

  • The Sleuth Kit (File system Analysis Tools)
  • log2timeline (Timeline Generation Tool)
  • ssdeep & md5deep (Hashing Tools)
  • Foremost/Scalpel (File Carving)
  • WireShark (Network Forensics)
  • Vinetto (thumbs.db examination)
  • Pasco (IE Web History examination)
  • Rifiuti (Recycle Bin examination)
  • Volatility Framework (Memory Analysis)
  • DFLabs PTK (GUI Front-End for Sleuthkit)
  • Autopsy (GUI Front-End for Sleuthkit)
  • PyFLAG (GUI Log/Disk Examination)

Key Directories in SANS SIFT Workstation

  • /forensics - Location of the files used for the Autopsy Toolset
  • /usr/local/src - Source files for Autopsy, The Sleuth Kit, and other tools
  • /usr/local/bin - Location of the forensic pre-compiled binaries
  • /cases - Location of your collected evidence
  • /mnt/hack - Location of the mount points for the file system images

