Difference between pages "File:BBManager4 6 Backup1.JPG" and "SANS Investigative Forensic Toolkit Workstation"

From Forensics Wiki
(Difference between pages)
Jump to: navigation, search
(uploaded a new version of "Image:BBManager4 6 Backup1.JPG")
 
m (Fixed up volatility link)
 
Line 1: Line 1:
 +
'''The SANS SIFT Workstation''' is a [[VMware]] Appliance that is preconfigured with all the necessary tools to perform a forensic examination. It is compatible with [[Encase | Expert Witness Format]] (E01), Advanced Forensic Format ([[AFF]]), and raw (dd) evidence formats.
  
 +
== Overview ==
 +
 +
SIFT Workstation is based on Fedora.
 +
 +
Software Includes:
 +
 +
# [[The Sleuth Kit]]
 +
# [[ssdeep]] & [[md5deep]]
 +
# [[Foremost]]/[[Scalpel]]
 +
# [[Wireshark]]
 +
# HexEditor
 +
# [[Vinetto]] ([[thumbs.db]] examination)
 +
# Pasco
 +
# Rifiuti
 +
# [[Volatility Framework]]
 +
# DFLabs PTK (GUI Front-End for [[Sleuthkit]])
 +
# [[Autopsy]] (GUI Front-End for [[Sleuthkit]])
 +
 +
The SIFT Workstation will allow evidence to be viewed from a Windows workstation. The /images directory and the evidence mount point, the /mnt/hack directory, can be viewed from the local windows operation system.
 +
 +
== Links ==
 +
 +
* [http://forensics.sans.org/community/downloads/ Computer Forensics and e-Discovery downloads]

Revision as of 13:51, 15 January 2009

The SANS SIFT Workstation is a VMware Appliance that is preconfigured with all the necessary tools to perform a forensic examination. It is compatible with Expert Witness Format (E01), Advanced Forensic Format (AFF), and raw (dd) evidence formats.

Overview

SIFT Workstation is based on Fedora.

Software Includes:

  1. The Sleuth Kit
  2. ssdeep & md5deep
  3. Foremost/Scalpel
  4. Wireshark
  5. HexEditor
  6. Vinetto (thumbs.db examination)
  7. Pasco
  8. Rifiuti
  9. Volatility Framework
  10. DFLabs PTK (GUI Front-End for Sleuthkit)
  11. Autopsy (GUI Front-End for Sleuthkit)

The SIFT Workstation will allow evidence to be viewed from a Windows workstation. The /images directory and the evidence mount point, the /mnt/hack directory, can be viewed from the local windows operation system.

Links

File history

Click on a date/time to view the file as it appeared at that time.

Date/TimeThumbnailDimensionsUserComment
current22:43, 18 March 2013Thumbnail for version as of 22:43, 18 March 2013650 × 412 (142 KB)Maintenance script (Talk)Importing image file

The following page links to this file:

Metadata

This file contains additional information, probably added from the digital camera or scanner used to create or digitize it. If the file has been modified from its original state, some details may not fully reflect the modified file.
Orientation Normal
Horizontal resolution 96 dpi
Vertical resolution 96 dpi
Software used Adobe Photoshop CS3 Windows
File change date and time 17:52, 5 December 2008
Color space Uncalibrated
Image height 650 px
Image width 412 px
Date and time of digitizing 12:40, 5 December 2008
Date metadata was last modified 12:52, 5 December 2008
Retrieved from "http://www.forensicswiki.org/w/index.php?title=File:BBManager4_6_Backup1.JPG&oldid=9039"
Personal tools
Namespaces

Variants
Actions
Navigation:
About forensicswiki.org:
Toolbox