Difference between revisions of "SANS Investigative Forensic Toolkit Workstation"

From ForensicsWiki
(One intermediate revision by one other user not shown)
Line 3: Line 3:
 
== Overview ==
 
== Overview ==
  
SIFT Workstation is based on Fedora.
+
SIFT Workstation is based on Ubuntu.
  
 
Software Includes:  
 
Software Includes:  
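
Review bot: the Overview line that now reads "SIFT Workstation is based on Ubuntu." names no SIFT release, and this diff shows no edit summary or source for the switch from "Fedora". State which release the sentence describes, or cite a reference, so a reader can tell whether the base distribution changed between releases or the earlier text was simply wrong.
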
Line 19: Line 19:
 
# [[Autopsy]] (GUI Front-End for [[Sleuthkit]])
 
# [[Autopsy]] (GUI Front-End for [[Sleuthkit]])
  
The SIFT Workstation will allow evidence to be viewed from a Windows workstation. The /images directory and the evidence mount point, the /mnt/hack directory, can be viewed from the local windows operation system.
+
The SIFT Workstation will allow evidence to be viewed from a Windows workstation. The /images directory and the evidence mount point, the /mnt/hack directory, can be viewed from the local Windows operating system.
  
 
== Links ==
 
== Links ==
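
Review bot: the reworded sentence about viewing /images and /mnt/hack from the local Windows operating system still does not say how the directories are exposed or whether that access is read-only. Since /mnt/hack is described as the evidence mount point, the article should document the sharing mechanism and its write permissions so examiners know whether the Windows host can alter evidence.
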

Latest revision as of 17:55, 15 June 2014

The SANS SIFT Workstation is a VMware Appliance that is preconfigured with all the necessary tools to perform a forensic examination. It is compatible with Expert Witness Format (E01), Advanced Forensic Format (AFF), and raw (dd) evidence formats.

Overview

SIFT Workstation is based on Ubuntu.

Software Includes:

  1. The Sleuth Kit
  2. ssdeep & md5deep
  3. Foremost/Scalpel
  4. Wireshark
  5. HexEditor
  6. Vinetto (thumbs.db examination)
  7. Pasco
  8. Rifiuti
  9. Volatility Framework
  10. DFLabs PTK (GUI Front-End for Sleuthkit)
  11. Autopsy (GUI Front-End for Sleuthkit)

The SIFT Workstation will allow evidence to be viewed from a Windows workstation. The /images directory and the evidence mount point, the /mnt/hack directory, can be viewed from the local Windows operating system.

Links