Now available for online ordering - the SANS DFIR Polo. Up until recently this shirt was only handed out at special events like DFIRCON or the DFIR Summit, but now you can get your very own shirt via the SANS Store. Click here to order one now -> http://dfir.to/DFIRPOLO
- Download and install Ubuntu 12.04.4 Desktop (amd64): http://releases.ubuntu.com/12.04/ubuntu-12.04.4-desktop-amd64.iso
- Open a terminal.
- Type: wget --quiet -O - https://raw.github.com/sans-dfir/sift-bootstrap/master/bootstrap.sh | sudo sh -s -- -i -s -y
- The installer will stop a couple of times to ask a few questions; they are easy to answer.
- Installing from the bootstrap takes about 20 minutes.
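The one-liner above pipes a freshly downloaded script straight into sudo sh, so whatever the server (or anything between you and it) returns is executed as root without being seen. The following script is an added example, not part of the SANS SIFT bootstrap project: it downloads bootstrap.sh to a temporary file, compares its SHA-256 against a digest you obtained out of band (EXPECTED_SHA256 is a placeholder; the page does not publish a digest), and only then runs it with the same -i -s -y flags. The function names, the placeholder digest and the sample file used in the usage line are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not SANS code: fetch-then-verify-then-run for the SIFT bootstrap
# script, instead of "wget ... | sudo sh". Requires wget and sha256sum (coreutils)
# or shasum (macOS). All names below are hypothetical.

# verify_sha256 FILE EXPECTED_HEX
# Returns 0 if FILE's SHA-256 equals EXPECTED_HEX (lowercase hex), 1 otherwise.
verify_sha256() {
    file="$1"
    expected="$2"
    if command -v sha256sum >/dev/null 2>&1; then
        actual=$(sha256sum "$file" | awk '{print $1}')
    else
        actual=$(shasum -a 256 "$file" | awk '{print $1}')
    fi
    [ "$actual" = "$expected" ]
}

# fetch_verify_run URL EXPECTED_HEX
# Downloads URL to a temp file, refuses to execute it unless the digest matches,
# then runs it as root with the same flags the page's one-liner passes (-i -s -y).
fetch_verify_run() {
    url="$1"
    expected="$2"
    tmp=$(mktemp) || return 1
    if ! wget --quiet -O "$tmp" "$url"; then
        echo "download of $url failed" >&2
        rm -f "$tmp"
        return 1
    fi
    if verify_sha256 "$tmp" "$expected"; then
        sudo sh "$tmp" -i -s -y
        rc=$?
    else
        echo "digest of downloaded script does not match expected value; not running it" >&2
        rc=1
    fi
    rm -f "$tmp"
    return $rc
}

# Usage (commented out so the functions can be sourced without side effects):
# EXPECTED_SHA256="<digest obtained from a trusted source>"   # placeholder
# fetch_verify_run https://raw.github.com/sans-dfir/sift-bootstrap/master/bootstrap.sh "$EXPECTED_SHA256"
```

The digest has to come from somewhere other than the same URL you are downloading from, otherwise the check proves nothing; a value recorded from a known-good copy, or published through a second channel, is the usual source. The interactive prompts the page mentions still appear, because the script itself is unchanged.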
SANS Investigate Forensic Toolkit (SIFT) Workstation Version 3.0
SIFT Workstation 3.0 Overview
An international team of forensics experts, led by SANS Faculty Fellow Rob Lee, created the SANS Investigative Forensic Toolkit ...
Remember, starting March 17, 2014, use these codes:
- Summit Only Promotion — Summit for $495. Register with code -> SUMMIT
- Class & Summit Promotion — Summit for $195 with a class. Register with code -> COURSE
Stay connected via Twitter, using hashtag #DFIRsummit, to hear announcements and discussions surrounding the Summit.
Register Now! -> http://dfir.to/DFIRSummit14
Based on FOR526 Memory Forensics In Depth content
I recently worked an investigation that involved anomalous network traffic occurring inside a customer's network between a handful of workstations and the internal DNS server. I was given memory images collected by the customer from two of the offending systems. Following the memory analysis methodology we teach in FOR526, I was able to "rule out"* malicious code running on these systems. In addition to doing memory structure-based analysis, I parsed the image with a stream-based data carving tool, Bulk Extractor. This impressive free open-source...