According to the Computer Dudes at SANS
The SIFT Workstation is a VMware appliance, pre-configured with the necessary tools to perform detailed digital forensic examination in a variety of settings. It is compatible with Expert Witness Format (E01), Advanced Forensic Format (AFF), and raw (dd) evidence formats. The brand new version has been completely rebuilt on an Ubuntu base with many new capabilities and tools such as log2timeline that provides a timeline that can be of enormous value to investigators.
SIFT Workstation 2.1 Capabilities
Ability to securely examine raw disks, multiple file systems, evidence formats. Places strict guidelines on how evidence is examined (read-only) verifying that the evidence has not changedFile system support
- Windows (MSDOS, FAT, VFAT, NTFS)
- MAC (HFS)
- Solaris (UFS)
- Linux (EXT2/3/4)
Evidence Image Support
- Expert Witness (E01)
- RAW (dd)
- Advanced Forensic Format (AFF)
Software Includes:
- The Sleuth Kit (File system Analysis Tools)
- log2timeline (Timeline Generation Tool)
- ssdeep & md5deep (Hashing Tools)
- Foremost/Scalpel (File Carving)
- WireShark (Network Forensics)
- Vinetto (thumbs.db examination)
- Pasco (IE Web History examination)
- Rifiuti (Recycle Bin examination)
- Volatility Framework (Memory Analysis)
- DFLabs PTK (GUI Front-End for Sleuthkit)
- Autopsy (GUI Front-End for Sleuthkit)
- PyFLAG (GUI Log/Disk Examination)
- 100s more tools -> See Detailed Tool Listing
New in SIFT 2.1
- iPhone, Blackeberry, and Android Forensic Capabilities
- Registry Viewer (YARU)
- Compatibility with F-Response Tactical, Standard, and Enterprise
- PTK 2.0 (Special Release – Not Available for Download)
- Automated Timeline Generation via log2timeline
- Many Firefox Investigative Plugins
- Windows Journal Parser and Shellbags Parser (jp and sbag)
- Many Windows Analysis Utilities (prefetch, usbstor, event log, and more)
- Complete Overhaul of Regripper Plugins (added over 80 additional plugins)
Prerequisites
- VM Player (www.vmware.com)
Download Links
- SIFT DVD (1.5 GB)
Related Links
No comments:
Post a Comment