The SIFT Workstation is a group of free open-source incident response and forensic tools designed to perform detailed digital forensic examinations in a variety of settings.
It can match any current incident response and forensic tool suite. SIFT demonstrates that advanced incident response capabilities and deep dive digital forensic techniques to intrusions can be accomplished using cutting-edge open-source tools that are freely available and frequently updated.
Who Created the SIFT?
Rob Lee and his team created and continually update the SIFT Workstation. It’s successfully used for incident response and digital forensics and is available to the community as a public service. With over 100,000 downloads to date, the SIFT continues to be the most popular open-source incident-response and digital forensic offering next to commercial source solutions.
Offered as an open source and free project, the SIFT Workstation is taught only in the following incident response courses at SANS:
- Advanced Incident Response course (FOR508)
- Advanced Network Forensics course (FOR572)
- Cyber Threat Intelligence (FOR578)
- Memory Analysis In-depth (FOR526)
“Even if SIFT were to cost tens of thousands of dollars, it would still be a very competitive product,” says, Alan Paller, director of research at SANS. “At no cost, there is no reason it should not be part of the portfolio in every organization that has skilled incident responders.”
“The SIFT Workstation has quickly become my “go to” tool when conducting an exam. The powerful open source forensic tools in the kit on top of the versatile and stable Linux operating system make for quick access to most everything I need to conduct a thorough analysis of a computer system,” said Ken Pryor, GCFA Robinson, IL Police Department
Key new features of SIFT include:
- Ubuntu LTS 16.04 Base
- 64-bit base system
- Better memory utilization
- Auto-DFIR package update and customizations
- Latest forensic tools and techniques
- VM Appliance ready to tackle forensics
- Cross compatibility between Linux and Windows
- Option to install stand-alone system via SIFT-CLI installer
- Online Documentation Project at http://sift.readthedocs.org/
- Expanded Filesystem Support