Free Computer Forensics Toolkit Found To Have Capabilities Missing in Most Commercial Forensics Tools
August 12, 2011, Washington DC
The SANS Institute reported today a comparison of the capabilities of the recently-upgraded SIFT forensics toolkit with the most popular commercial forensics tools. Although the commercial tools maintain advantages over SIFT in some areas, the free SIFT tool exceeds the capabilities of the commercial tools in other areas. "Even if SIFT cost tens of thousands of dollars," says Alan Paller, director of research at SANS, "it would be a very competitive product." At no cost, it should be part of the portfolio in every organization that has skilled forensics analysts.
|SIFT Workstation 2.1||Leading Commercial Forensic Tools|
|Automated Windows Registry Parsing|
|File System Parsing|
|Windows Artifact Analysis|
|Automated Case Processing|
|Super Timeline Generation and Analysis|
|Mobile Device Support||Limited|
Some testimonials about the SIFT Workstation
"The SIFT Workstation has quickly become my "go to" tool when conducting an exam. The powerful open source forensic tools in the kit on top of the versatile and stable Linux operating system make for quick access to most everything I need to conduct a thorough analysis of a computer system." - Ken Pryor, GCFA Robinson, IL Police Department
"Configuring a forensic analysis platform on your workstation can take a lot of time, and installing/setting up applications can be a pain at times. The SANS SIFT workstation has done the heavy lifting already with a wealth of useful, relevant tools - things like volatility, sleuthkit (with autopsy and ptk), pyflag and (my personal favorite) log2timeline. It gives the best of both worlds, both CLI and GUI. The best thing is, you don't need a dongle or have to worry about licensing, since it's all free/open source! SIFT is an excellent platform for analysis and I have found it to be very beneficial during investigations." - Frank McClain, GCFA, GCIH, CHFI
For more information regarding the SIFT Workstation 2.1 release or to download it, the link you should use is: http://digital-forensics.sans.org/community/downloads
Alan Paller, Director of Research, SANS Institute, firstname.lastname@example.org.