SANS Digital Forensics and Incident Response Blog

Digital Forensics Case Leads: SIFT 2.1, Volatility 2.0

Looks like I picked a great week to do my first Digital Forensics Case Leads post. With excellent new tools, great blog posts to tell you about and more, my job was easy.

Tools:

  • The one stop shop for digital forensic investigations has just arrived with lots of new forensic goodness in addition to the tools you already know and love. SIFT 2.1 is available for download now, brought to you by SANS Faculty Fellow Rob Lee and an international cast of experts! Once again available as a VMware virtual machine or as an .iso file, the Ubuntu Linux based SIFT 2.1 improves upon the already outstanding collection of forensic tools provided in version 2.0 with even more great stuff, including tools for phone forensics, YARU Registry Viewer, new Firefox Investigative plugins, Volatility 2.0 and much much more! How much does it cost, you ask? SIFT 2.1 is yours today for only $0.00. Download SIFT 2.1 from the SANS Digital Forensics site.
  • Volatility 2.0 was released at the Open Memory Forensics Workshop in New Orleans this week! Go get the latest version of this excellent open source tool and check out all the new functionality and improvements. I've already tried it out and can say it's well worth the download. You will definitely want to use Volatility 2 in your memory forensic analysis endeavors. Note: Volatility 2.0 has been included in the above SIFT 2.1 release. Simply type # vol.py -h from the command line in any directory.

Good Reads:

News:

Levity:

Podcasts:

Coming Events:

Call For Papers:

Digital Forensics Case Leads is a (mostly) weekly publication of the week's news and events relating to digital forensics. If you have an item you'd like to share, please send it to caseleads@sans.org.

Digital Forensics Case Leads for 4, August 2011 was compiled by Ken Pryor, GCFA. Ken is a police officer and does computer forensic investigations for his and several other police departments in his area. He is also an adjunct professor for Lincoln Trail College in Robinson, IL, teaching computer forensic and related courses.

5 Comments

Posted August 5, 2011 at 3:27 PM | Permalink | Reply

Glenn Nick

Question, the download link requires a user name and password to download the SIFT. I entered my active SANS account info and was unable to get access to the file. Any idea what is required to download the SIFT?

Posted August 5, 2011 at 6:42 PM | Permalink | Reply

Dave Hull

You may have to enter your SANS portal credentials and once authenticated, click the download link again. I've had to do that myself.

Posted August 5, 2011 at 7:01 PM | Permalink

Glenn Nick

Please disregard my last question. It turned out to be an internal network issue. I'm downloading the SIFT now''. thanks!

Posted August 16, 2011 at 9:17 PM | Permalink | Reply

Clint Hastings

After clicking the download link for either the SIFT 2.1 iso or vmware appliance, I log in using my SANS Portal account then click on the given link to start the download. At this point I'm presented with yet another authentication prompt / pop-up titled "Authentication Required" which states "The server computer-forensics12.sans.org:80 requires a username and password. The server says: SANS ''" Restricted Access [Area ''" 032]."
This extra authentication pop-up is displayed regardless of what browser I use (tried Chrome, IE9 and FF) or what computer I use (tried from two different systems). Entering my SANS Portal credentials into this new authentication prompt and clicking the "Log In" button fails. Clicking the "Cancel" button in the prompt window generates the following error message:
"Authorization Required
This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials required."
Any idea what's going on here?

Posted August 18, 2011 at 7:11 PM | Permalink | Reply

robtlee

We are working on this. We added a link on the main page that says "Note: If you are having trouble downloading the SIFT Kit please contact sift-support@sans.org and include the URL you were given, your IP address, and if you are using a proxy of any kind."