Sans investigative forensic toolkit workstation

The SANS SIFT Workstation is a VMware Appliance, built on top of Ubuntu, that is preconfigured with all the necessary tools to perform a forensic examination. It is compatible with Expert Witness Format, Advanced Forensic Format (aff) evidence formats.

Overview

SIFT Workstation is based on Ubuntu.

Software Includes:

1. The Sleuth Kit
2. ssdeep & md5deep
3. Foremost/Scalpel
4. Wireshark
5. HexEditor
6. Vinetto (thumbs.db examination)
7. Pasco
8. Rifiuti
9. Volatility Framework
10. DFLabs PTK (GUI Front-End for The Sleuth Kit
11. Autopsy (GUI Front-End for The Sleuth Kit

The SIFT Workstation will allow evidence to be viewed from a Windows workstation. The /images directory and the evidence mount point, the /mnt/hack directory, can be viewed from the local Windows operating system.

Links

• Computer Forensics and e-Discovery downloads