
SANS SIFT 3.0 ?

5 Posts
4 Users
0 Likes
984 Views
(@bsg819)
Posts: 19
Active Member
Topic starter
 

Hi,

I have been working on SANS SIFT 3.0.
A few things I found strange, such as the exclusion of tools like FTK Imager, which was in the previous version but is not in SIFT 3.0.
Well, I haven't worked on any commercial tool, so I can't really compare it to SIFT.

What do you guys have to say about SIFT? Though it has many tools, are they good enough? Is it better than Backtrack or Kali?
Any features which you felt are better than any commercial tool?

Really appreciate your expert reviews on it!

 
Posted : 28/04/2014 12:34 pm
(@mr_dee)
Posts: 5
Active Member
 

I took a course from SANS in Windows Memory forensics in depth where the course was based on working with the SIFT workstation.

There were plenty of options for artifact extraction and malware analysis from memory dumps, which were really interesting. I would recommend it for that. But you do have to invest the time to get used to working with it.

 
Posted : 28/04/2014 12:47 pm
(@bsg819)
Posts: 19
Active Member
Topic starter
 

you do have to invest the time to get used to working with it

- Yes!! It's been a while that I have been working on it and I still haven't got completely used to it yet!

 
Posted : 28/04/2014 12:54 pm
(@a-nham)
Posts: 32
Eminent Member
 

SIFT 3.0, from my current limited VM usage, has been amazing. I think SIFT and Kali trade blows pretty evenly. SIFT has a lot of the essential preinstalled tools that one may look for when doing computer forensics, like log2timeline or Plaso (two programs that are almost essential in some forms of forensics, but not preinstalled on Kali). However, Kali's integration of applications into its OS is probably amongst the best out there on Linux, especially considering that it is not an OS you had to build up from scratch. For example, on Kali, almost all the tools, if not all of them, can run outside of their respective folders and without the extension out of the box. In addition, live acquisition and platform support is probably next to limitless on Kali; you can even install it on a Pi or a tablet without much tinkering.

So which one is better? It really depends. SIFT is great if you want an OS that you know will have tons of working forensics tools once it is installed. Kali probably requires a bit more tinkering, but then again it was intended to be more of a pen testing OS, so I can't blame them, especially considering the amount of forensic tools they put in there anyway. Either way, both are amongst the best out there; you could have a lot worse of an OS than either.

As far as how it may be better than other commercial tools, both tools have programs you pretty much know will work after the OS is installed on a device. You don't have to worry too much about OS compatibility or software conflicts, but at the same time tools may be a bit more dated in these OSes than those of commercial alternatives if not self-maintained.

Hope that helps.

Just FYI, Kali is commercial, it is just that they permit free non-commercial uses (for exact info look at their terms and conditions).

 
Posted : 29/04/2014 11:48 am
keydet89
(@keydet89)
Posts: 3568
Famed Member
 

Though it has many tools, are they good enough? Is it better than Backtrack or Kali?
Any features which you felt are better than any commercial tool?

These questions are very interesting…"it has many tools but are they good enough?"

I would suggest that the answer lies with the analyst, not the tools.

I use a number of the tools that come with SIFT…I wrote RegRipper…and I would suggest that with a little bit of knowledge, the use of those tools can be much more powerful than any commercial application.

 
Posted : 29/04/2014 5:46 pm