SANS Investigative Forensic Toolkit Workstation 2.0 VMware Appliance | 1.49GB
Faculty Fellow Rob Lee created the SANS Investigative Forensic Toolkit(SIFT) Workstation featured in the Computer Forensic Investigations and Incident Response course (FOR 508) in order to show that advanced investigations and investigating hackers can be accomplished using freely available open-source tools. The SANS SIFT Workstation is a VMware Appliance that is pre-configured with all the necessary tools to perform a detailed digital forensic examination. It is compatible with Expert Witness Format (E01), Advanced Forensic Format (AFF), and raw (dd) evidence formats. The brand new version has been completely rebuilt on an Ubuntu base with many additional tools and capabilities that can match any modern forensic tool suite.
Basic Configuration Information
Recommend to increase VMware Options for
* Download VMworkstation, Player, or Fusion
* Memory (Currently 1024K, increase to add more RAM as needed)
* CPUs (Currently 1, increase as needed for more power)
SIFT Login/Password
After downloading the toolkit, use the credentials below to gain access.
* Login "sansforensics"
* Password "forensics"
* $ sudo su -
o Use to elevate privileges to root while mounting disk images.
PTK login
* Login "admin"
* Password "forensics"
Host Machine Connectivity
Enable SHARED FOLDERS
* VM -> SETTINGS -> OPTIONS -> Shared Folders -> Always Enabled (Check)
* Access to Host System Found on Desktop
* VMware-Shared-Drive
Access from a Windows Machine
* Filesystem Shares \\SIFTWORKSTATION
o or use ifconfig and connect to eth0 IP Address listed (e.g. \\192.168.1.12)
o /mnt - Mount point for read-only examination of digital forensic evidence
o /cases - Directory to store evidence
SIFT Workstation Recommended Software Requirements
* VMware Player, Workstation, or Fusion (Free From www.vmware.com)
* SANS SIFT Workstation Capabilities
SIFT Workstation 2.0 Capabilities
Ability to securely examine raw disks, multiple file systems, evidence formats. Places strict guidelines on how evidence is examined (read-only) verifying that the evidence has not changed
File system support
* Windows (MSDOS, FAT, VFAT, NTFS)
* MAC (HFS)
* Solaris (UFS)
* Linux (EXT2/3)
Evidence Image Support
* Expert Witness (E01)
* RAW (dd)
* Advanced Forensic Format (AFF)
Software Includes
* The Sleuth Kit (File system Analysis Tools)
* log2timeline (Timeline Generation Tool)
* ssdeep & md5deep (Hashing Tools)
* Foremost/Scalpel (File Carving)
* WireShark (Network Forensics)
* Vinetto (thumbs.db examination)
* Pasco (IE Web History examination)
* Rifiuti (Recycle Bin examination)
* Volatility Framework (Memory Analysis)
* DFLabs PTK (GUI Front-End for Sleuthkit)
* Autopsy (GUI Front-End for Sleuthkit)
* PyFLAG (GUI Log/Disk Examination)
Key Directories in SANS SIFT Workstation
* /forensics
o Location of the files used for the Autopsy Toolset
* /usr/local/src
o Source files for Autopsy, The Sleuth Kit, and other tools
* /usr/local/bin
o Location of the forensic pre-compiled binaries
* /cases
o Location of your collected evidence
* /mnt/hack
o Location of the mount points for the file system images
Homepage: http://computer-forensics.sans.org/
Download Hotfile
http://hotfile.com/dl/88593449/cf91fdf/SANS_Forensics_Investigation_workstation_2.0.part01.rar.html
http://hotfile.com/dl/88593451/a0fc33b/SANS_Forensics_Investigation_workstation_2.0.part02.rar.html
http://hotfile.com/dl/88593417/bbdf42b/SANS_Forensics_Investigation_workstation_2.0.part03.rar.html
http://hotfile.com/dl/88593432/d62f4f0/SANS_Forensics_Investigation_workstation_2.0.part04.rar.html
http://hotfile.com/dl/88593454/4dfff4f/SANS_Forensics_Investigation_workstation_2.0.part05.rar.html
http://hotfile.com/dl/88593460/5ce3880/SANS_Forensics_Investigation_workstation_2.0.part06.rar.html
http://hotfile.com/dl/88593413/97614e7/SANS_Forensics_Investigation_workstation_2.0.part07.rar.html
http://hotfile.com/dl/88593457/246857b/SANS_Forensics_Investigation_workstation_2.0.part08.rar.html
http://hotfile.com/dl/88593453/80e515f/SANS_Forensics_Investigation_workstation_2.0.part09.rar.html
http://hotfile.com/dl/88593436/08aa684/SANS_Forensics_Investigation_workstation_2.0.part10.rar.html
http://hotfile.com/dl/88593448/9f1dca0/SANS_Forensics_Investigation_workstation_2.0.part11.rar.html
http://hotfile.com/dl/88593476/918fcc2/SANS_Forensics_Investigation_workstation_2.0.part12.rar.html
http://hotfile.com/dl/88593431/2ff186e/SANS_Forensics_Investigation_workstation_2.0.part13.rar.html
http://hotfile.com/dl/88593426/b20ac4a/SANS_Forensics_Investigation_workstation_2.0.part14.rar.html
http://hotfile.com/dl/88593456/5bd1022/SANS_Forensics_Investigation_workstation_2.0.part15.rar.html
http://hotfile.com/dl/88593447/2034f14/SANS_Forensics_Investigation_workstation_2.0.part16.rar.html
Download Fileserve
http://www.fileserve.com/file/RJ8XdFK/SANS_Forensics_Investigation_workstation_2.0.part01.rar
http://www.fileserve.com/file/bgMrnzG/SANS_Forensics_Investigation_workstation_2.0.part02.rar
http://www.fileserve.com/file/KtNyzMV/SANS_Forensics_Investigation_workstation_2.0.part03.rar
http://www.fileserve.com/file/beWGg5n/SANS_Forensics_Investigation_workstation_2.0.part04.rar
http://www.fileserve.com/file/fCepnUp/SANS_Forensics_Investigation_workstation_2.0.part05.rar
http://www.fileserve.com/file/RJANZFP/SANS_Forensics_Investigation_workstation_2.0.part06.rar
http://www.fileserve.com/file/e6RHCwm/SANS_Forensics_Investigation_workstation_2.0.part07.rar
http://www.fileserve.com/file/5u3p7xn/SANS_Forensics_Investigation_workstation_2.0.part08.rar
http://www.fileserve.com/file/UWCKTtT/SANS_Forensics_Investigation_workstation_2.0.part09.rar
http://www.fileserve.com/file/gtERysW/SANS_Forensics_Investigation_workstation_2.0.part10.rar
http://www.fileserve.com/file/hQEVJBw/SANS_Forensics_Investigation_workstation_2.0.part11.rar
http://www.fileserve.com/file/76GGKy5/SANS_Forensics_Investigation_workstation_2.0.part12.rar
http://www.fileserve.com/file/rg7ZzXf/SANS_Forensics_Investigation_workstation_2.0.part13.rar
http://www.fileserve.com/file/RYZBQMC/SANS_Forensics_Investigation_workstation_2.0.part14.rar
http://www.fileserve.com/file/54rE5mM/SANS_Forensics_Investigation_workstation_2.0.part15.rar
http://www.fileserve.com/file/xqhSVVW/SANS_Forensics_Investigation_workstation_2.0.part16.rar
Download Filesonic
http://www.filesonic.com/file/41070807/SANS_Forensics_Investigation_workstation_2.0.part01.rar
http://www.filesonic.com/file/41070751/SANS_Forensics_Investigation_workstation_2.0.part02.rar
http://www.filesonic.com/file/41070813/SANS_Forensics_Investigation_workstation_2.0.part03.rar
http://www.filesonic.com/file/41070135/SANS_Forensics_Investigation_workstation_2.0.part04.rar
http://www.filesonic.com/file/41070155/SANS_Forensics_Investigation_workstation_2.0.part05.rar
http://www.filesonic.com/file/41070831/SANS_Forensics_Investigation_workstation_2.0.part06.rar
http://www.filesonic.com/file/41070851/SANS_Forensics_Investigation_workstation_2.0.part07.rar
http://www.filesonic.com/file/41070145/SANS_Forensics_Investigation_workstation_2.0.part08.rar
http://www.filesonic.com/file/41070861/SANS_Forensics_Investigation_workstation_2.0.part09.rar
http://www.filesonic.com/file/41070917/SANS_Forensics_Investigation_workstation_2.0.part10.rar
http://www.filesonic.com/file/41070925/SANS_Forensics_Investigation_workstation_2.0.part11.rar
http://www.filesonic.com/file/41070931/SANS_Forensics_Investigation_workstation_2.0.part12.rar
http://www.filesonic.com/file/41070339/SANS_Forensics_Investigation_workstation_2.0.part13.rar
http://www.filesonic.com/file/41071081/SANS_Forensics_Investigation_workstation_2.0.part14.rar
http://www.filesonic.com/file/41071069/SANS_Forensics_Investigation_workstation_2.0.part15.rar
http://www.filesonic.com/file/41070331/SANS_Forensics_Investigation_workstation_2.0.part16.rar
http://hotfile.com/dl/88593449/cf91fdf/SANS_Forensics_Investigation_workstation_2.0.part01.rar.html
http://hotfile.com/dl/88593451/a0fc33b/SANS_Forensics_Investigation_workstation_2.0.part02.rar.html
http://hotfile.com/dl/88593417/bbdf42b/SANS_Forensics_Investigation_workstation_2.0.part03.rar.html
http://hotfile.com/dl/88593432/d62f4f0/SANS_Forensics_Investigation_workstation_2.0.part04.rar.html
http://hotfile.com/dl/88593454/4dfff4f/SANS_Forensics_Investigation_workstation_2.0.part05.rar.html
http://hotfile.com/dl/88593460/5ce3880/SANS_Forensics_Investigation_workstation_2.0.part06.rar.html
http://hotfile.com/dl/88593413/97614e7/SANS_Forensics_Investigation_workstation_2.0.part07.rar.html
http://hotfile.com/dl/88593457/246857b/SANS_Forensics_Investigation_workstation_2.0.part08.rar.html
http://hotfile.com/dl/88593453/80e515f/SANS_Forensics_Investigation_workstation_2.0.part09.rar.html
http://hotfile.com/dl/88593436/08aa684/SANS_Forensics_Investigation_workstation_2.0.part10.rar.html
http://hotfile.com/dl/88593448/9f1dca0/SANS_Forensics_Investigation_workstation_2.0.part11.rar.html
http://hotfile.com/dl/88593476/918fcc2/SANS_Forensics_Investigation_workstation_2.0.part12.rar.html
http://hotfile.com/dl/88593431/2ff186e/SANS_Forensics_Investigation_workstation_2.0.part13.rar.html
http://hotfile.com/dl/88593426/b20ac4a/SANS_Forensics_Investigation_workstation_2.0.part14.rar.html
http://hotfile.com/dl/88593456/5bd1022/SANS_Forensics_Investigation_workstation_2.0.part15.rar.html
http://hotfile.com/dl/88593447/2034f14/SANS_Forensics_Investigation_workstation_2.0.part16.rar.html
Download Fileserve
http://www.fileserve.com/file/RJ8XdFK/SANS_Forensics_Investigation_workstation_2.0.part01.rar
http://www.fileserve.com/file/bgMrnzG/SANS_Forensics_Investigation_workstation_2.0.part02.rar
http://www.fileserve.com/file/KtNyzMV/SANS_Forensics_Investigation_workstation_2.0.part03.rar
http://www.fileserve.com/file/beWGg5n/SANS_Forensics_Investigation_workstation_2.0.part04.rar
http://www.fileserve.com/file/fCepnUp/SANS_Forensics_Investigation_workstation_2.0.part05.rar
http://www.fileserve.com/file/RJANZFP/SANS_Forensics_Investigation_workstation_2.0.part06.rar
http://www.fileserve.com/file/e6RHCwm/SANS_Forensics_Investigation_workstation_2.0.part07.rar
http://www.fileserve.com/file/5u3p7xn/SANS_Forensics_Investigation_workstation_2.0.part08.rar
http://www.fileserve.com/file/UWCKTtT/SANS_Forensics_Investigation_workstation_2.0.part09.rar
http://www.fileserve.com/file/gtERysW/SANS_Forensics_Investigation_workstation_2.0.part10.rar
http://www.fileserve.com/file/hQEVJBw/SANS_Forensics_Investigation_workstation_2.0.part11.rar
http://www.fileserve.com/file/76GGKy5/SANS_Forensics_Investigation_workstation_2.0.part12.rar
http://www.fileserve.com/file/rg7ZzXf/SANS_Forensics_Investigation_workstation_2.0.part13.rar
http://www.fileserve.com/file/RYZBQMC/SANS_Forensics_Investigation_workstation_2.0.part14.rar
http://www.fileserve.com/file/54rE5mM/SANS_Forensics_Investigation_workstation_2.0.part15.rar
http://www.fileserve.com/file/xqhSVVW/SANS_Forensics_Investigation_workstation_2.0.part16.rar
Download Filesonic
http://www.filesonic.com/file/41070807/SANS_Forensics_Investigation_workstation_2.0.part01.rar
http://www.filesonic.com/file/41070751/SANS_Forensics_Investigation_workstation_2.0.part02.rar
http://www.filesonic.com/file/41070813/SANS_Forensics_Investigation_workstation_2.0.part03.rar
http://www.filesonic.com/file/41070135/SANS_Forensics_Investigation_workstation_2.0.part04.rar
http://www.filesonic.com/file/41070155/SANS_Forensics_Investigation_workstation_2.0.part05.rar
http://www.filesonic.com/file/41070831/SANS_Forensics_Investigation_workstation_2.0.part06.rar
http://www.filesonic.com/file/41070851/SANS_Forensics_Investigation_workstation_2.0.part07.rar
http://www.filesonic.com/file/41070145/SANS_Forensics_Investigation_workstation_2.0.part08.rar
http://www.filesonic.com/file/41070861/SANS_Forensics_Investigation_workstation_2.0.part09.rar
http://www.filesonic.com/file/41070917/SANS_Forensics_Investigation_workstation_2.0.part10.rar
http://www.filesonic.com/file/41070925/SANS_Forensics_Investigation_workstation_2.0.part11.rar
http://www.filesonic.com/file/41070931/SANS_Forensics_Investigation_workstation_2.0.part12.rar
http://www.filesonic.com/file/41070339/SANS_Forensics_Investigation_workstation_2.0.part13.rar
http://www.filesonic.com/file/41071081/SANS_Forensics_Investigation_workstation_2.0.part14.rar
http://www.filesonic.com/file/41071069/SANS_Forensics_Investigation_workstation_2.0.part15.rar
http://www.filesonic.com/file/41070331/SANS_Forensics_Investigation_workstation_2.0.part16.rar
No comments:
Post a Comment