SIFT Workstation 2.0 Download Location
* http//computer-forensics.sans.org
o Look under the Community Tab -> Select Downloads
Background
Faculty Fellow Rob Lee created the SANS Investigative Forensic Toolkit(SIFT) Workstation featured in the Computer Forensic Investigations and Incident Response course (FOR 508) in order to show that advanced investigations and investigating hackers can be accomplished using freely available open-source tools.
The SANS SIFT Workstation is a VMware Appliance that is pre-configured with all the necessary tools to perform a detailed digital forensic examination. It is compatible with Expert Witness Format (E01), Advanced Forensic Format (AFF), and raw (dd) evidence formats. The brand new version has been completely rebuilt on an Ubuntu base with many additional tools and capabilities that can match any modern forensic tool suite. Optionally, you can download the SIFT Workstation DVD ISO which will allow you to install this on a stand-alone system.
SIFT Workstation 2.0 Capabilities
Ability to securely examine raw disks, multiple file systems, evidence formats. Places strict guidelines on how evidence is examined (read-only) verifying that the evidence has not changed
File system support
* Windows (MSDOS, FAT, VFAT, NTFS)
* MAC (HFS)
* Solaris (UFS)
* Linux (EXT2/3)
Evidence Image Support
* Expert Witness (E01)
* RAW (dd)
* Advanced Forensic Format (AFF)
Software Includes
* The Sleuth Kit (File system Analysis Tools)
* log2timeline (Timeline Generation Tool)
* Regripper (registry mining)
* ssdeep & md5deep (Hashing Tools)
* Foremost/Scalpel (File Carving)
* WireShark (Network Forensics)
* Vinetto (thumbs.db examination)
* Pasco (IE Web History examination)
* Rifiuti (Recycle Bin examination)
* Volatility Framework (Memory Analysis)
* DFLabs PTK (GUI Front-End for Sleuthkit)
* Autopsy (GUI Front-End for Sleuthkit)
* PyFLAG (GUI Log/Disk Examination)
* And over 150 more tools/capabilities
Rob,
Downloading this now, if you need mirrors for the VM let me know and I'll put it on Forensic 4cast.
First day will be the roughest. If it were me, I would download it tomorrow on the weekend. It will spike today. We usually do not have a great issue and like E-Fense, if something changes or I find a bug, much easier to switch the version out quickly with an updated one.
–Rob
Agreed. Plus I am not going to register. Also waiting for .1 version D
Rob,
Is there a change log? I have Version 2.0 (7-24-2009) from class.
Is there a way to download this with wget or aria2? I am in Cambodia on unreliable internet so I need a way to deal with interupted downloads.
Or could it be put on a torrent like Linuxtracker?
I am hoping to make it to SANS Singapore but I would like to practice a bit before I arrive.
Are there any mirrors or other sources to download SIFT from? I've been repeatedly trying for the past three days, but the download site is frequently down and the downloads cut off after a few hundred MBs. I've tried from home, a friend's home, and work–all with the same results.
Thanks!
-John
Anyone found an alternate download location for this? The canonical download site appears well and truly hosed. Thanks in advance!
-Eric
I have been looking as well no luck.
The site just magically started responding and I'm getting good throughput.
-Eric