Difference between pages "Darik's Boot and Nuke" and "SANS Investigative Forensic Toolkit Workstation"

From ForensicsWiki
(Difference between pages)
 
m (Overview)
 
Line 1: Line 1:
{{Expand}}
+
'''The SANS SIFT Workstation''' is a [[VMware]] Appliance that is preconfigured with all the necessary tools to perform a forensic examination. It is compatible with [[Encase | Expert Witness Format]] (E01), Advanced Forensic Format ([[AFF]]), and raw (dd) evidence formats.
{{Infobox_Software |
+
  name = DBan |
+
  maintainer = Darik Horn |
+
  os =  |
+
  genre = {{Secure deletion}} |
+
  license =  |
+
  website = [http://dban.sf.net dban.sf.net] |
+
}}
+
  
 +
== Overview ==
  
'''D'''arik's '''B'''oot '''a'''nd '''N'''uke is a disk image that can create a bootable CD/DVD/Floppy/USB Device that can securely wipes the hard disks of most computers. Dban has support for all 32-bit x86 machines as well as [http://dban.sourceforge.net/beta/index.html beta] builds for Cisco Routers, Sparc, PowerPC and HP PA-RISC hardware architecture.  DBan is bundled with [[Eraser]]
+
SIFT Workstation is based on Ubuntu.
  
== Wipe Methods ==
+
Software Includes:
  
* Quick Erase
+
# [[The Sleuth Kit]]
* Canadian RCMP TSSIT OPS-II Standard Wipe
+
# [[ssdeep]] & [[md5deep]]
* American DoD 5220-22.M Standard Wipe
+
# [[Foremost]]/[[Scalpel]]
* Gutmann Wipe
+
# [[Wireshark]]
* PRNG Stream Wipe
+
# HexEditor
 +
# [[Vinetto]] ([[thumbs.db]] examination)
 +
# Pasco
 +
# Rifiuti
 +
# [[Volatility Framework]]
 +
# DFLabs PTK (GUI Front-End for [[Sleuthkit]])
 +
# [[Autopsy]] (GUI Front-End for [[Sleuthkit]])
  
 +
The SIFT Workstation will allow evidence to be viewed from a Windows workstation. The /images directory and the evidence mount point, the /mnt/hack directory, can be viewed from the local windows operation system.
  
== External Links ==
+
== Links ==
* [http://dban.sourceforge.net/ Official website]
+
* [http://sourceforge.net/forum/forum.php?forum_id=208932 Support Forum]
+
  
[[Category:Anti-forensics tools]]
+
* [http://forensics.sans.org/community/downloads/ Computer Forensics and e-Discovery downloads]
 +
[[Category:VMWare Appliances]]

Revision as of 08:21, 24 February 2012

The SANS SIFT Workstation is a VMware Appliance that is preconfigured with all the necessary tools to perform a forensic examination. It is compatible with Expert Witness Format (E01), Advanced Forensic Format (AFF), and raw (dd) evidence formats.

Overview

SIFT Workstation is based on Ubuntu.

Software Includes:

  1. The Sleuth Kit
  2. ssdeep & md5deep
  3. Foremost/Scalpel
  4. Wireshark
  5. HexEditor
  6. Vinetto (thumbs.db examination)
  7. Pasco
  8. Rifiuti
  9. Volatility Framework
  10. DFLabs PTK (GUI Front-End for Sleuthkit)
  11. Autopsy (GUI Front-End for Sleuthkit)

The SIFT Workstation allows evidence to be viewed from a Windows workstation. The /images directory and the evidence mount point, the /mnt/hack directory, can be viewed from the local Windows operating system.

Links