Blog: SANS Digital Forensics and Incident Response Blog: Category - SIFT Workstation

Faster SIFT 3.0 Download and Install #DFIR #SIFT3

Having trouble downloading the new SIFT 3.0? We are currently experiencing heavy traffic. Try the bootstrap install option instead:

  • Download and install.

  • Open terminal

  • Type: wget --quiet -O - | sudo sh -s -- -i -s -y

  • The installer stops a couple of times to ask a few questions. They are easy to answer.

  • The bootstrap install takes about 20 minutes.
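Piping a script fetched over the network straight into sudo sh runs whatever the server (or anyone able to tamper with the download) sends, as root, with no chance to look at it first. The following shell script is an added example and is not part of the SIFT bootstrap instructions: it fetches the bootstrap script to a temporary file, compares it against a SHA-256 digest you obtained out of band (for instance from the project's release notes), and only then hands it to sudo sh with the same -i -s -y options. The URL and the expected digest are placeholders you must supply yourself.

```shell
#!/bin/sh
# Added example: verify a downloaded installer before running it with sudo.
# Not part of the SIFT bootstrap. BOOTSTRAP_URL and EXPECTED_SHA256 below are
# placeholders (assumptions); fill them in from a trusted source.

sha256_of() {
    # Print the hex SHA-256 digest of the file named in $1.
    # Uses sha256sum (coreutils) where available, else shasum (macOS/BSD).
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

verify_hash() {
    # Return 0 if file $1 hashes to the expected digest $2, 1 otherwise.
    actual=$(sha256_of "$1") || return 1
    [ "$actual" = "$2" ]
}

fetch_verify_run() {
    # $1 = URL of the installer, $2 = expected SHA-256, remaining args are
    # passed through to the installer (e.g. -i -s -y for the SIFT bootstrap).
    url=$1
    expected=$2
    shift 2

    tmp=$(mktemp) || return 1
    if ! wget --quiet -O "$tmp" "$url"; then
        echo "download of $url failed" >&2
        rm -f "$tmp"
        return 1
    fi

    if ! verify_hash "$tmp" "$expected"; then
        echo "SHA-256 mismatch for $url; refusing to run it" >&2
        rm -f "$tmp"
        return 2
    fi

    # At this point the file matches the digest you trust; you can still
    # read it before running: ${PAGER:-less} "$tmp"
    sudo sh "$tmp" "$@"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Usage with placeholders (assumed, not from the page):
#   BOOTSTRAP_URL='https://example.invalid/bootstrap.sh'
#   EXPECTED_SHA256='<digest published by the project>'
#   fetch_verify_run "$BOOTSTRAP_URL" "$EXPECTED_SHA256" -i -s -y
```

The point of the digest check is that it is anchored to something you obtained separately from the download itself; if the only place you can find the hash is the same server that serves the script, the check adds little against a compromised server, but it still catches corrupted or truncated downloads and lets you confirm you are running the exact revision you reviewed.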

This is the same version that was installed in the VM, and it will probably be quicker for you to set up.

Finally, this shows off our new package manager -- when new releases come out -- when ...

SANS SIFT 3.0 Virtual Machine Released

SANS Investigate Forensic Toolkit (SIFT) Workstation Version 3.0

An international team of forensics experts, led by SANS Faculty Fellow Rob Lee, created the SANS Investigative Forensic Toolkit ...

SANS #DFIR Windows Memory Forensics Training (FOR526) Malware can hide, but it must run.

SANS Windows Memory Forensics Training (FOR526) — Knocks it out of the park!

Jesse Kornblum and Alissa Torres just finished their first official course dedicated to Windows memory forensics at the SANS Institute, at SANS 2013 in Orlando. The course teaches the key techniques that practitioners in the field use in their jobs daily: using memory forensics to find evil, and doing it well. Like all SANS training, the course is not tool dependent; it teaches the fundamentals every analyst should know when responding to incidents with these skills.

SANS is offering a 10%


Java IDX Sample Files from Java Spearphishing Attack from SANS FOR508

Earlier this year, SANS created the most in-depth incident response training scenario that spans multiple systems in FOR508: Advanced Forensic Analysis and Incident Response. We discussed the entire scenario in a blog titled: "Is Anti-Virus Really Dead? A Real-World Simulation Created for Forensic Data Yields Surprising Results"

One of the biggest complaints that many have in the DFIR community is the lack of realistic data to learn from. Starting a year ago, I planned to change that through creating a realistic scenario based on experiences from the entire cadre of instructors at SANS and additional experts who reviewed and advised the attack "script". We created an incredibly rich and


FTK 4 Added to SANS FOR408 Windows Forensics Training Course

We are pleased to report the successful introduction of Access Data's Forensic Toolkit (FTK) v4 into the SANS FOR408 Course (Computer Forensic Investigations - Windows In-Depth). While students have access to well over a hundred free and open source tools during the course, we also felt it important for them to gain an understanding of the capabilities of commercial tool suites. There is no one tool that can accomplish everything during a forensic examination, but in many cases a forensic suite can greatly speed up case processing and analysis. Hence, commercial tools like Guidance EnCase, Magnet Forensics Internet Evidence Finder, and Access Data FTK are all part of