SIFT2.0 SANS Investigative Forensics Toolkit released

Published: 2010-03-26
Last Updated: 2010-03-26 15:03:16 UTC
by Daniel Wesemann (Version: 1)
9 comment(s)

SANS Faculty Fellow Rob Lee created the SANS Investigative Forensic Toolkit(SIFT) Workstation, which is also featured in the SANS FOR 508 course, in order to show that advanced investigations and investigating hackers can be accomplished using freely available open-source tools. The new version of SIFT was just released and is a VMware Appliance that is pre-configured with all the necessary tools to perform a detailed digital forensic examination. More information on the SANS forensics curriculum and SIFT2.0 can be found on , respectively the download section on that page.

Keywords: forensics
9 comment(s)


Any chance of putting a torrent up?
Just be patient .. a lot of people want to grab SIFT2.0 right now, but chances are that by early next week the load will even out.
Do I have to be enrolled in the class to get the tools? My portal account doesn't authenticate.
I'll wait for the demand to die down before downloading it, but I do have a question.

Can the VMware image be used with VirtualBox?
@Jason Yes...Virtual Box comes with a bunch of tools that allow you to convert VMware to VBox images, as well as using a dedicated external drive for visualizing. Here is instructions using Ubuntu:
I created three accounts on the website already and whenever I try to download it prompts me to login then says i dont have an account.
I had issues last week trying the download, decided to try it this AM, but still utterly so slow. An 800MB file on my connection is about 35 mins. I started the download around 9:30AM and cancelled it at 12:30 since it was only 212MB thru. Trying again, but throughput is only about
28.8KB. Ugh, wanted the new version with my 508 class I am now in.
I timed out after 679 Mb and 739 Mb. Averaged about 30-40k most of the time, then down to <20, then timed out.
Did anyone ever provide a torrent? I'm on my third attempt to download at the blazing speed of 21k/sec.

Diary Archives