The SANS Investigative Forensic Toolkit (SIFT) is a forensic distribution created by the SANS forensics team and made freely available to the whole community. It ships with a set of preconfigured tools for conducting digital forensic investigations. It is based on Ubuntu and carries a long list of tools covering current forensic needs. This post walks through some of the best-known tools used in forensic investigations.
You can download the SIFT iso from this link:
http://computer-forensics.sans.org/community/downloads
It supports evidence formats such as raw images (.dd), the EnCase image file format (E01), and the Advanced Forensic Format (AFF).
Setup
There are a few things you need to boot it up:
- VMware / VirtualBox
- Adequate RAM, CPU and hard disk space
- The SIFT ISO / VM image
SIFT includes a long list of software; a few of the tools we will cover in a complete forensic-analysis tutorial are:
- Autopsy
- DFF – Digital Forensics Framework
- EVTX – Event Log Viewer
- Maltego
- PTK
- Md5deep
- SANS Cheatsheets
- Volatility
Md5deep
md5deep is a small command-line utility bundled with SIFT for calculating MD5 hashes, comparing them against known hash sets, and otherwise working with them. Suppose we want to confirm that the integrity of a file is maintained: we simply hash it and compare. Any change to the file, even a single byte, changes its MD5 hash. So let's calculate the MD5 of our image file before starting the forensic analysis, and keep it to compare against later. The MD5 calculated by the tool can be seen in the screenshot:
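To show what that integrity check is doing, here is an added Python example (not part of SIFT, md5deep, or the original post) that streams a file through hashlib the way md5deep does, writes an md5deep-style `<hash>  <path>` manifest before analysis, and re-verifies it afterwards; the `algorithm` parameter lets you record SHA-256 next to MD5, since MD5 on its own is collision-prone. The evidence file, its contents and the paths are constructed for the demo.

```python
import hashlib
import os
import tempfile

CHUNK = 1 << 20  # read the evidence in 1 MiB blocks so a large image need not fit in RAM


def hash_file(path, algorithm="md5"):
    """Return the hex digest of a file, streamed block by block like md5deep."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()


def write_manifest(paths, manifest_path, algorithm="md5"):
    """Record '<hash>  <path>' lines (md5deep/md5sum style) before analysis starts."""
    with open(manifest_path, "w") as m:
        for p in paths:
            m.write(f"{hash_file(p, algorithm)}  {p}\n")


def verify_manifest(manifest_path, algorithm="md5"):
    """Re-hash every file listed in the manifest; map path -> True (intact) / False (changed or missing)."""
    results = {}
    with open(manifest_path) as m:
        for line in m:
            expected, path = line.rstrip("\n").split("  ", 1)
            results[path] = os.path.exists(path) and hash_file(path, algorithm) == expected
    return results


def demo():
    """Constructed evidence file: hash it, flip one byte, verify again."""
    d = tempfile.mkdtemp()
    image = os.path.join(d, "evidence.dd")      # constructed name, not a real image
    manifest = os.path.join(d, "evidence.md5")
    with open(image, "wb") as f:
        f.write(b"\x00" * 4096 + b"NTFS    " + b"\x00" * 4096)  # constructed contents
    write_manifest([image], manifest)
    before = verify_manifest(manifest)[image]   # True: file untouched since hashing
    with open(image, "r+b") as f:
        f.seek(4096)
        f.write(b"X")                           # a single-byte modification
    after = verify_manifest(manifest)[image]    # False: digest no longer matches
    return before, after


if __name__ == "__main__":
    print(demo())
```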