SANS ISC InfoSec Forums: SIFT review in the ISSA Toolsmith


Russ McRee over at holisticinfosec.org has once again written an excellent ISSA Toolsmith article. This article is a review/tutorial of SIFT, the SANS Investigative Forensic Toolkit. SIFT is Rob Lee's open source forensic toolkit used for the SANS SEC 508. Daniel Wesemann announced the availability of SIFT in a previous diary.

As usual, Russ provides good insight into the high points of SIFT, including how to install and configure it. He then walks you through some of the features of SIFT by performing a basic investigation of a memory image.

While the article only scratches the surface, it is definitely worth the read if you are interested in forensics using open source tools.

 

-- Rick Wanner - rwanner at isc dot sans dot org
