
SANS Investigative Forensic Toolkit (SIFT)

Filed under
GNU
Linux

SIFT is a digital forensics distribution built by the SANS Forensics team. It bundles most of the tools needed for digital forensic analysis and incident response examinations, is open source, and is freely available for download. Attackers are becoming stealthier and more sophisticated, and a single intrusion can cost a company important data and expose millions of users, so sound forensic technique belongs in any defensive strategy. SIFT supplies tools for file system, memory and network investigations so that an examiner can work an incident in depth.
When SIFT first appeared in 2007 it was distributed as a fixed image, so every update meant downloading a complete new copy. In 2014 SIFT became a package set installed on top of Ubuntu and could be obtained as a ready-made workstation image. A further 2017 release added functionality and let users pull in data from other sources. This version ships more than 200 third-party tools and includes a package manager through which a single command installs a tool. It is more stable and efficient, with better support for memory analysis. SIFT is also scriptable: its command-line tools can be chained together to fit a given workflow.

SIFT is installed on Ubuntu, either as the prebuilt virtual-machine image or with the SIFT installer; on Windows it runs inside the Windows Subsystem for Linux (WSL). It supports the common evidence container formats, including AFF, EWF (E01) and raw (dd) images, and memory images can be analysed as well. Supported file systems include ext2 and ext3 for Linux, HFS for Mac, and FAT, VFAT, MS-DOS and NTFS for Windows. A practical caveat applies whatever the format: verify the image hash against the acquisition record before analysis and mount the image read-only, so the evidence itself is never altered.
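Before any of SIFT's file-system tools can be pointed at a disk image, the examiner needs to know what container the image is in and where each partition starts, because a loop mount or a Sleuth Kit command is given a byte or sector offset, not a partition name. The following is an added example, not code from SIFT or SANS: it recognises an E01 or AFF container by its leading header bytes (the EWF signature `EVF\x09\x0d\x0a\xff\x00` and the `AFF\r\n` prefix of the AFF header are taken from those formats; treat the AFF check as an assumption about the first five bytes only), parses the MBR partition table of a raw dd image the way `mmls` reports it, flags partitions that run past the end of the image (a sign of a truncated acquisition), and produces the read-only mount command for a chosen partition. The sample MBR is constructed inline so the script runs offline.

```python
import struct
from typing import Dict, List

SECTOR = 512

# Leading bytes of the container formats named in the text.
# E01/EWF files begin with "EVF\x09\x0d\x0a\xff\x00"; AFF files begin with "AFF\r\n"
# (assumed prefix of the AFF header). A raw dd image has no container header.
SIGNATURES = {
    "E01": b"EVF\x09\x0d\x0a\xff\x00",
    "AFF": b"AFF\r\n",
}

# Subset of MBR partition type bytes -> label (standard type IDs).
PART_TYPES = {
    0x01: "FAT12", 0x04: "FAT16", 0x06: "FAT16", 0x0B: "FAT32", 0x0C: "FAT32 (LBA)",
    0x07: "NTFS/exFAT", 0x83: "Linux (ext2/3/4)", 0xAF: "HFS/HFS+",
    0x05: "Extended", 0x0F: "Extended (LBA)",
}


def detect_format(head: bytes) -> str:
    """Classify an image from its first bytes: E01, AFF, raw (MBR present) or unknown."""
    for name, sig in SIGNATURES.items():
        if head.startswith(sig):
            return name
    if len(head) >= SECTOR and head[510:512] == b"\x55\xaa":
        return "raw"
    return "unknown"


def parse_mbr(sector0: bytes) -> List[Dict]:
    """Return the used entries of the MBR partition table at offset 446."""
    if len(sector0) < SECTOR or sector0[510:512] != b"\x55\xaa":
        raise ValueError("no MBR signature (0x55AA) in sector 0")
    parts = []
    for slot in range(4):
        entry = sector0[446 + 16 * slot: 446 + 16 * (slot + 1)]
        # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
        status, ptype, lba, count = struct.unpack("<B3xB3xII", entry)
        if ptype == 0 or count == 0:
            continue  # empty slot
        parts.append({
            "slot": slot,
            "type": ptype,
            "label": PART_TYPES.get(ptype, f"0x{ptype:02x}"),
            "bootable": status == 0x80,
            "start_sector": lba,
            "sectors": count,
            "byte_offset": lba * SECTOR,  # what mount -o offset= and TSK -o expect
        })
    return parts


def truncated_partitions(parts: List[Dict], image_bytes: int) -> List[int]:
    """Slots whose partition extends beyond the image: likely an incomplete acquisition."""
    return [p["slot"] for p in parts
            if (p["start_sector"] + p["sectors"]) * SECTOR > image_bytes]


def mount_command(image_path: str, part: Dict, mountpoint: str) -> str:
    """Read-only loop mount of one partition; ro/noexec/noload keep the evidence untouched."""
    return (f"mount -o ro,loop,noexec,noload,offset={part['byte_offset']} "
            f"{image_path} {mountpoint}")


def build_mbr(entries) -> bytes:
    """Constructed sample: build a 512-byte MBR from (status, type, lba, count) tuples."""
    table = b"".join(struct.pack("<B3xB3xII", *e) for e in entries).ljust(64, b"\x00")
    return b"\x00" * 446 + table + b"\x55\xaa"


# Constructed sample image header: a bootable NTFS partition followed by a Linux one.
SAMPLE_MBR = build_mbr([(0x80, 0x07, 2048, 204800), (0x00, 0x83, 206848, 409600)])

if __name__ == "__main__":
    print("format:", detect_format(SAMPLE_MBR))
    parts = parse_mbr(SAMPLE_MBR)
    for p in parts:
        print(f"slot {p['slot']}: {p['label']:18} start={p['start_sector']:>8} "
              f"len={p['sectors']:>8} offset={p['byte_offset']} bytes")
    # Pretend the image is one byte short of the last partition's end.
    short = (206848 + 409600) * SECTOR - 1
    print("truncated slots:", truncated_partitions(parts, short))
    print(mount_command("/cases/disk.dd", parts[0], "/mnt/evidence"))
```

The byte offset printed for each partition is the value to pass to `mount -o offset=` or to Sleuth Kit's `-o` (in sectors) when running `fls` or `icat` against a raw image; E01 and AFF containers are first exposed as a raw device with `ewfmount` or `affuse` and then handled the same way.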
