Difference between pages "Books" and "SANS Investigative Forensic Toolkit Workstation"

From Forensics Wiki
=General books about forensics=
{| border="0" cellpadding="2" cellspacing="2" align="top"
|- style="background:#bfbfbf; font-weight: bold"
! width="30%"|Title
! width="20%"|Author
! width="10%"|ISBN
! width="20%"|Publisher
! width="10%"|Publication Date
! width="10%"|Comment
|-
|[http://www.amazon.com/gp/product/0849381274/ Principles and Practice of Criminalistics: The Profession of Forensic Science]
|Keith Inman and Norah Rudin
|0849381274
|CRC Press
|Aug 29, 2000
|Highly Recommended
|-
|[http://www.amazon.com/gp/product/0130910589/ Forensic Science Handbook, Volume I (2nd Edition)]
|Richard E. Saferstein, Ed.
|0130910589
|Prentice Hall
|Jun 5, 2001
|-
|[http://www.amazon.com/gp/product/013112434X/ Forensic Science Handbook, Volume II (2nd Edition)]
|Richard E. Saferstein, Ed.
|013112434X
|Prentice Hall
|Oct 8, 2004
|-
|[http://www.amazon.com/gp/product/0133253902/ Forensic Science Handbook, Volume III]
|Richard E. Saferstein, Ed.
|0133253902
|Prentice Hall
|Apr 22, 1993
|-
|[http://www.crcpress.com/shopping_cart/products/product_detail.asp?sku=2747&parent_id=411&pc= Forensic Science: An Introduction to Scientific and Investigative Techniques, Second Edition]
|Stuart James and Jon J Nordby
|0849327474
|CRC Press
|Feb 10, 2005
|-
|[http://www.crcpress.com/shopping_cart/products/product_detail.asp?sku=0860&parent_id=411&pc= Ethics in Forensic Science: Professional Standards for the Practice of Criminalistics]
|Peter D Barnett
|0849308607
|CRC Press
|Jun 27, 2001
|-
|}

=Books about computer forensics=
{| border="0" cellpadding="2" cellspacing="2" align="top"
|- style="background:#bfbfbf; font-weight: bold"
! width="30%"|Title
! width="20%"|Author
! width="10%"|ISBN
! width="20%"|Publisher
! width="10%"|Publication Date
! width="10%"|Comment
|-
|[http://www.awprofessional.com/title/0321268172 File System Forensic Analysis]
|[[Brian Carrier]]
|0321268172
|Addison-Wesley
|Mar 27, 2005
|(Highly recommended)
|-
|[http://www.amazon.com/gp/product/020163497X Forensic Discovery]
|Dan Farmer and Wietse Venema
|0321703251
|Addison-Wesley
|Dec 28, 2009
|[http://www.porcupine.org/forensics/forensic-discovery/ HTML version] of the book is freely available online.
|-
|[http://www.amazon.com/gp/product/0121631044 Digital Evidence and Computer Crime] Second Edition
|Eoghan Casey
|0121631044
|Academic Press
|Mar 22, 2004
|-
|[http://books.mcgraw-hill.com/getbook.php?isbn=007222696X Incident Response & Computer Forensics, Second Edition]
|Kevin Mandia, Chris Prosise & Matt Pepe
|007222696X
|McGraw-Hill/Osborne
|Jul 17, 2003
|-
|[http://www.awprofessional.com/bookstore/product.asp?isbn=0321200985&rl=1 Windows Forensics and Incident Recovery]
|[[Harlan Carvey]]
|0321200985
|Addison Wesley Professional
|Jul 21, 2004
|-
|[http://www.ncjrs.gov/pdffiles1/nij/199408.pdf Forensic Examination of Digital Evidence: A Guide for Law Enforcement]
|NCJ 199408
|
|National Institute of Justice
|April 2004
|Special Report
|-
|[http://www.ncjrs.gov/pdffiles1/nij/187736.pdf Electronic Crime Scene Investigation: A Guide for First Responders]
|NCJ 187736
|
|National Institute of Justice
|July 2001
|NIJ Guide
|-
|[http://www.crcpress.com/shopping_cart/products/product_detail.asp?sku=2218&parent_id=411&pc= Investigating Computer-Related Crime]
|Peter Stephenson
|0849322189
|CRC Press
|Sep 28, 1999
|-
|[http://www.crcpress.com/shopping_cart/products/product_detail.asp?id=&parent_id=411&sku=AU2433&pc= Investigator's Guide to Steganography]
|Gregory Kipper
|0849324335
|Auerbach Publications
|Oct 27, 2003
|-
|[http://www.crcpress.com/shopping_cart/products/product_detail.asp?sku=AU0955&parent_id=411&pc= Cyber Forensics: A Field Manual for Collecting, Examining, and Preserving Evidence of Computer Crimes]
|Albert J Marcella, Jr. and Robert S Greenfield
|0849309557
|Auerbach Publications
|Jan 23, 2002
|-
|[http://www.crcpress.com/shopping_cart/products/product_detail.asp?sku=8158&parent_id=411&pc= Investigating Computer Crime]
|Franklin Clark and Ken Diliberto
|0849381584
|CRC Press
|Jul 11, 1996
|-
|[http://www.syngress.com/catalog/?pid=4230 Windows Forensic Analysis]
|[[Harlan Carvey]]
|159749156X
|Syngress (Elsevier)
|May 21, 2007
|-
|[http://www.syngress.com/catalog/?pid=4220 CD and DVD Forensics]
|[[Paul Crowley]] and [[Dave Kleiman]] (Technical Editor)
|1597491284
|Syngress
|Nov 8, 2006
|-
|[http://www.sybex.com/WileyCDA/SybexTitle/productCd-0470097620.html Mastering Windows Network Forensics and Investigation]
|Steven Anson and Steve Bunting
|9780470097625
|Sybex
|April 2007
|-
|}

=Books in other languages=

=== German ===
{| border="0" cellpadding="2" cellspacing="2" align="top"
|- style="background:#bfbfbf; font-weight: bold"
! width="30%"|Title
! width="20%"|Author
! width="10%"|ISBN
! width="20%"|Publisher
! width="10%"|Publication Date
! width="10%"|Comment
|-
|[http://www.dpunkt.de/buecher/3-89864-379-4.html Computer-Forensik], 2nd edition
|Alexander Geschonneck
|3898643794
|
|2006
|[http://www.computer-forensik.org/ Errata] and blog of the author
|-
|}

=== Italian ===
* [http://www.apogeonline.com/libri/88-503-2593-2/scheda Computer Forensics] 1st edition, by Andrea Ghirardini and Gabriele Faggioli, Apogeo, 2007 (ISBN 8850325932).

=== Portuguese ===
* [http://www.brasport.com.br/index.php?Escolha=8&Livro=L00194 Perícia Forense Aplicada à Informática] 1st edition, by Andrey Rodrigues de Freitas, Brasport, 2006 (ISBN 8574522260).

=== Russian ===
* [http://forensics.ru/ Форензика – компьютерная криминалистика], by N. N. Fedotov.


'''The SANS SIFT Workstation''' is a [[VMware]] Appliance that is preconfigured with all the necessary tools to perform a forensic examination. It is compatible with [[Encase | Expert Witness Format]] (E01), Advanced Forensic Format ([[AFF]]), and raw (dd) evidence formats.

== Overview ==
SIFT Workstation is based on Fedora.

Software includes:
# [[The Sleuth Kit]]
# [[ssdeep]] & [[md5deep]]
# [[Foremost]]/[[Scalpel]]
# [[Wireshark]]
# HexEditor
# [[Vinetto]] ([[thumbs.db]] examination)
# Pasco
# Rifiuti
# [[Volatility Framework]]
# DFLabs PTK (GUI Front-End for [[Sleuthkit]])
# [[Autopsy]] (GUI Front-End for [[Sleuthkit]])

The SIFT Workstation allows evidence to be viewed from a Windows workstation: the /images directory and the evidence mount point, the /mnt/hack directory, can be viewed from the local Windows operating system.

== Links ==
* [http://forensics.sans.org/community/downloads/ Computer Forensics and e-Discovery downloads]

[[Category:VMWare Appliances]]

Revision as of 17:29, 3 October 2011
