Cyber Security

DFIR (Digital Forensics and Incident Response)

SIFT is a computer forensics distribution that installs on Ubuntu all the tools needed to perform a detailed digital forensic and incident response examination. It supports the Expert Witness Format (E01), the Advanced Forensic Format (AFF), raw (dd) images, and memory-analysis evidence formats.

The toolkit can securely examine raw disks, multiple file systems, and evidence formats. It enforces strict guidelines on how evidence is examined (read-only), so that it can be verified that the evidence has not changed during the examination.
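The "evidence has not changed" guarantee rests on hashing the image at acquisition time and re-hashing it after examination, the workflow md5deep and its relatives support. The following added example (not code from SIFT or any of its bundled tools) implements that check in Python: the image name, the sample bytes and the digest dictionary are constructed for illustration.

```python
import hashlib
import io

CHUNK_SIZE = 1 << 20  # read 1 MiB at a time: evidence images can be many GiB


def hash_evidence(source) -> dict:
    """Return MD5 and SHA-256 hex digests of an evidence image.
    `source` is a binary stream or a bytes object. Rely on SHA-256 for
    integrity; MD5 is kept only so older md5deep-style manifests can still
    be compared."""
    if isinstance(source, (bytes, bytearray)):
        source = io.BytesIO(source)
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    for chunk in iter(lambda: source.read(CHUNK_SIZE), b""):
        md5.update(chunk)
        sha256.update(chunk)
    return {"md5": md5.hexdigest(), "sha256": sha256.hexdigest()}


def hash_file(path: str) -> dict:
    """Hash an on-disk image. The file is opened read-only ('rb'), so the
    examiner's own tooling cannot alter the evidence it is measuring."""
    with open(path, "rb") as f:
        return hash_evidence(f)


def verify(acquisition_digests: dict, source) -> tuple:
    """Re-hash the evidence and compare it with the digests recorded at
    acquisition time. Returns (ok, [algorithms that disagree])."""
    current = hash_evidence(source)
    mismatches = sorted(alg for alg, want in acquisition_digests.items()
                        if current.get(alg) != want)
    return (not mismatches, mismatches)


# Constructed sample: a tiny stand-in for a raw (dd) image.
SAMPLE_IMAGE = b"\x00" * 512 + b"EXAMPLE EVIDENCE PARTITION" + b"\xff" * 512
ACQUISITION_DIGESTS = hash_evidence(SAMPLE_IMAGE)  # what was recorded when imaged

if __name__ == "__main__":
    ok, bad = verify(ACQUISITION_DIGESTS, SAMPLE_IMAGE)
    print("untouched image verifies:", ok)
    # A single changed byte anywhere in the image fails verification.
    tampered = SAMPLE_IMAGE[:600] + b"\x01" + SAMPLE_IMAGE[601:]
    ok, bad = verify(ACQUISITION_DIGESTS, tampered)
    print("tampered image verifies:", ok, "mismatched:", bad)
```

Record the acquisition-time digests in the case notes and compare them again at the end of the examination; any mismatch means the image can no longer be treated as the acquired evidence.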

Software

  • The Sleuth Kit (file system analysis tools)
  • Plaso and log2timeline (timeline generation)
  • ssdeep & md5deep (hashing tools)
  • Foremost/Scalpel (file carving)
  • Wireshark (network forensics)
  • Volatility Framework (memory analysis)
  • Autopsy (GUI front-end for The Sleuth Kit)