Difference between pages "SANS Investigative Forensic Toolkit Workstation" and "YAFFS"

From Forensics Wiki
(Difference between pages)
Jump to: navigation, search
m (Overview)
 
m
 
Line 1: Line 1:
'''The SANS SIFT Workstation''' is a [[VMware]] Appliance that is preconfigured with all the necessary tools to perform a forensic examination. It is compatible with [[Encase | Expert Witness Format]] (E01), Advanced Forensic Format ([[AFF]]), and raw (dd) evidence formats.
+
YAFFS is Yet Another Flash File System, a flash file system for Linux used on many small devices.
  
== Overview ==
+
==See Also==
 
+
* [[Setting up a Flash Emulator]]
SIFT Workstation is based on Ubuntu.
+
* http://www.ebdev.com/EOS/YAFFS-FileSystem.pdf - The Linux MTD, YAFFS Howto
 
+
* http://www.yaffs.net/howto-incorporate-yaffs - How to incorporate YAFFS as a root fs on Linux
Software Includes:
+
 
+
# [[The Sleuth Kit]]
+
# [[ssdeep]] & [[md5deep]]
+
# [[Foremost]]/[[Scalpel]]
+
# [[Wireshark]]
+
# HexEditor
+
# [[Vinetto]] ([[thumbs.db]] examination)
+
# Pasco
+
# Rifiuti
+
# [[Volatility Framework]]
+
# DFLabs PTK (GUI Front-End for [[Sleuthkit]])
+
# [[Autopsy]] (GUI Front-End for [[Sleuthkit]])
+
 
+
The SIFT Workstation will allow evidence to be viewed from a Windows workstation. The /images directory and the evidence mount point, the /mnt/hack directory, can be viewed from the local windows operation system.
+
 
+
== Links ==
+
 
+
* [http://forensics.sans.org/community/downloads/ Computer Forensics and e-Discovery downloads]
+
[[Category:VMWare Appliances]]
+

Latest revision as of 06:08, 22 December 2010

YAFFS is Yet Another Flash File System, a flash file system for Linux used on many small devices.

See Also