Friday, August 5, 2011
SANS Investigate Forensic Toolkit (SIFT) Workstation v.2.1 Released
An international team of forensics experts, led by SANS Faculty Fellow Rob Lee, created the SANS Investigative Forensic Toolkit (SIFT) Workstation and made it available to the whole community as a public service. The free SIFT toolkit, that can match any modern forensic tool suite, is also featured in SANS' Advanced Computer Forensic Analysis and Incident Response course (FOR 508). It demonstrates that advanced investigations and responding to intrusions can be accomplished using cutting-edge open-source tools that are freely available and frequently updated.
The SIFT Workstation is a VMware appliance, pre-configured with the necessary tools to perform detailed digital forensic examination in a variety of settings. It is compatible with Expert Witness Format (E01), Advanced Forensic Format (AFF), and raw (dd) evidence formats. The brand new version has been completely rebuilt on an Ubuntu base with many new capabilities and tools such as log2timeline that provides a timeline that can be of enormous value to investigators.
New in SIFT 2.1
iPhone, Blackeberry, and Android Forensic Capabilities
Registry Viewer (YARU)
Compatibility with F-Response Tactical, Standard, and Enterprise
PTK 2.0 (Special Release - Not Available for Download)
Automated Timeline Generation via log2timeline
Many Firefox Investigative Plugins
Windows Journal Parser and Shellbags Parser (jp and sbag)
Many Windows Analysis Utilities (prefetch, usbstor, event log, and more)
Complete Overhaul of Regripper Plugins (added over 80 additional plugins)