Difference between revisions of "SANS Investigative Forensic Toolkit Workstation"

Revision as of 17:29, 3 October 2011

The SANS SIFT Workstation is a VMware Appliance that is preconfigured with all the necessary tools to perform a forensic examination. It is compatible with Expert Witness Format (E01), Advanced Forensic Format (AFF), and raw (dd) evidence formats.

Overview

SIFT Workstation is based on Fedora.

Software Includes:

The Sleuth Kit
ssdeep & md5deep
Foremost/Scalpel
Wireshark
HexEditor
Vinetto (thumbs.db examination)
Pasco
Rifiuti
Volatility Framework
DFLabs PTK (GUI Front-End for Sleuthkit)
Autopsy (GUI Front-End for Sleuthkit)

The SIFT Workstation will allow evidence to be viewed from a Windows workstation. The /images directory and the evidence mount point, the /mnt/hack directory, can be viewed from the local windows operation system.

Links

Computer Forensics and e-Discovery downloads

Revision as of 13:51, 15 January 2009 (view source) Jessek (Talk \| contribs) m (Fixed up volatility link) ← Older edit		Revision as of 17:29, 3 October 2011 (view source) Simsong (Talk \| contribs) m Newer edit →
Line 24:		Line 24:

	* [http://forensics.sans.org/community/downloads/ Computer Forensics and e-Discovery downloads]		* [http://forensics.sans.org/community/downloads/ Computer Forensics and e-Discovery downloads]
		+	[[Category:VMWare Appliances]]

Difference between revisions of "SANS Investigative Forensic Toolkit Workstation"

Revision as of 17:29, 3 October 2011

Overview

Links

Personal tools

Namespaces

Variants

Views

Actions

Search

Navigation:

About forensicswiki.org:

Toolbox