[unisog] Computer Forensics Community Page @SANS

Rob Lee rlee at sans.org
Thu Feb 24 14:49:13 GMT 2011


If you could, could you drop a link on your .edu sites to our community page 
that has a lot of free resources?  http://computer-forensics.sans.org

Just a few of the things we are doing for you are listed below.  We are 
trying to let the education community know they can utilize our SIFT workstation 
in their own courses as well.  Just send me a short note so I can drop your name 
on the list.  The SIFT workstation is a free download at the site above.


SANS has continued to develop our community outreach pages on the website to 
include a very popular blog to help the industry.  

Digital Forensic Blog - http://computer-forensics.sans.org/blog 

SANS and Rob Lee developed this blog and the related resources at 
computer-forensics.sans.org to provide a “home” for those that are focused on 
computer forensics, digital investigations, and incident response. Here you will 
find advice, research, training, and other resources to unravel incidents and 
fight crime.

SANS Investigative Forensic Toolkit (SIFT) Workstation - 

SANS SIFT Workstation Overview
• VMware Appliance
• Ready to tackle forensics
• Cross compatibility between Linux and
• Forensic tools preconfigured
• A portable lab workstation you can now use for your investigations
• Option to install stand-alone via (.iso) or use via VMware Player/Workstation
• Download from http://computerforensics.sans.org/community

Faculty Fellow Rob Lee created the SANS Investigative Forensic Toolkit (SIFT) 
Workstation featured in the Computer Forensic Investigations and Incident 
Response course (FOR 508) in order to show that advanced investigations and 
investigating hackers can be accomplished using freely available open-source 

The SANS SIFT Workstation is a VMware Appliance that is pre-configured with all 
the necessary tools to perform a detailed digital forensic examination. It is 
compatible with Expert Witness Format (E01), Advanced Forensic Format (AFF), and 
raw (dd) evidence formats. The brand new version has been completely rebuilt on 
an Ubuntu base with many additional tools and capabilities that can match any 
modern forensic tool suite. It has the ability to securely examine raw disks, 
multiple file systems, and evidence formats. And it also places strict 
guidelines on how evidence is examined (read-only) verifying that the evidence 
has not changed.