Difference between pages "SANS Investigative Forensic Toolkit Workstation" and "User:Garfield236"

From ForensicsWiki
(Difference between pages)
m (Creating user page with biography of new user.)
 
Line 1: Line 1:
'''The SANS SIFT Workstation''' is a [[VMware]] Appliance that is preconfigured with all the necessary tools to perform a forensic examination. It is compatible with [[Encase | Expert Witness Format]] (E01), Advanced Forensic Format ([[AFF]]), and raw (dd) evidence formats.
+
Forensic analyst
 
+
20+ years technical support, Desktop, Servers, Routers,  
== Overview ==
+
CCNP
 
+
CISSP
SIFT Workstation is based on Fedora.
+
 
+
# Software Includes:
+
 
+
# [[The Sleuth Kit]]
+
# [[ssdeep]] & [[md5deep]]
+
# [[Foremost]]/[[Scalpel]]
+
# [[Wireshark]]
+
# HexEditor
+
# [[Vinetto]] ([[thumbs.db]] examination)
+
# Pasco
+
# Rifiuti
+
# [[Volatility]] Framework
+
# DFLabs PTK (GUI Front-End for [[Sleuthkit]])
+
# [[Autopsy]] (GUI Front-End for [[Sleuthkit]])
+
 
+
The SIFT Workstation will allow evidence to be viewed from a Windows workstation. The /images directory and the evidence mount point, the /mnt/hack directory, can be viewed from the local windows operation system.
+
 
+
== Links ==
+
 
+
* [http://forensics.sans.org/community/downloads/ Computer Forensics and e-Discovery downloads]
+

Latest revision as of 16:48, 26 December 2010

Forensic analyst 20+ years technical support, Desktop, Servers, Routers, CCNP CISSP