Attacks/Breaches
1/7/2014
11:33 AM
Dark Reading
Dark Reading
Products and Releases
Connect Directly
RSS
E-Mail
50%
50%
Repost This

SANS Investigative Forensic Toolkit (SIFT) Workstation Version 3.0 To Debut At DFIRCON

SIFT 3.0 is a group of free open-source forensic tools designed to perform detailed digital forensic examinations

BETHESDA, Md., Jan. 6, 2014 /PRNewswire-USNewswire/ -- SANS Institute today announced it will debut a new version of its popular digital forensic examination toolkit, SIFT Workstation, at the upcoming SANS Digital Forensics and Incident Response Training Event (DFIRCON -- pronounced d?-'f?r-'kän) in Monterey, CA, March 5 - 10. SIFT 3.0 is a complete rebuild of the previous SIFT version and features the latest digital forensic tools available today.

Offered free of charge, the SIFT 3.0 Workstation will debut during SANS'

Advanced Computer Forensic Analysis and Incident Response course (FOR508) at DFIRCON. SIFT 3.0 demonstrates that advanced investigations and responding to intrusions can be accomplished using cutting-edge open-source tools that are freely available and frequently updated.

"Even if SIFT were to cost tens of thousands of dollars, it would still be a very competitive product," says, Alan Paller, director of research at SANS. "At no cost, there is no reason it should not be part of the portfolio in every organization that has skilled forensics analysts."

Developed and continually updated by an international team of forensic experts, the SIFT is a group of free open-source forensic tools designed to perform detailed digital forensic examinations in a variety of settings. With over

100,000 downloads to date, the SIFT continues to be the most popular open-source forensic offering next to commercial source solutions.

"The SIFT Workstation has quickly become my "go to" tool when conducting an exam. The powerful open source forensic tools in the kit on top of the versatile and stable Linux operating system make for quick access to most everything I need to conduct a thorough analysis of a computer system," said Ken Pryor, GCFA Robinson, IL Police Department.

Key new features of SIFT 3.0 include:

-- Ubuntu LTS 12.04 Base

-- 64 bit base system

-- Better memory utilization

-- Auto-DFIR package update and customizations

-- Latest forensic tools and techniques

-- VMware Appliance

-- Ready to tackle forensics

-- Cross compatibility between Linux and Windows

-- Option to install stand-alone via (.iso) or use via VMware

Player/Workstation

About DFIRCON

This unique Digital Forensics and Incident Response (DFIR) event brings SANS'

most popular forensics courses, instructors, and bonus seminars together in one place. It is one of the industry's most comprehensive DFIR training experiences.

DFIRCON will be held in in Monterey, CA, March 5 - 10, 2014. For more information, including panel and discussion overviews, a complete list of instructors, or to register for the event or one of the courses offered via simulcast, please visit: http://www.sans.org/info/147850

About SANS Institute

The SANS Institute was established in 1989 as a cooperative research and education organization. SANS is the most trusted and, by far, the largest source for world-class information security training and security certification in the world, offering over 50 training courses each year. GIAC, an affiliate of the SANS Institute, is a certification body featuring over 27 hands-on, technical certifications in information security. SANS offers a myriad of free resources to the InfoSec community including consensus projects, research reports, and newsletters; it also operates the Internet's early warning system--the Internet Storm Center. At the heart of SANS are the many security practitioners, representing varied global organizations from corporations to universities, working together to help the entire information security community.

(www.SANS.org)

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-0360
Published: 2014-04-23
Memory leak in Cisco IOS before 15.1(1)SY, when IKEv2 debugging is enabled, allows remote attackers to cause a denial of service (memory consumption) via crafted packets, aka Bug ID CSCtn22376.

CVE-2012-1317
Published: 2014-04-23
The multicast implementation in Cisco IOS before 15.1(1)SY allows remote attackers to cause a denial of service (Route Processor crash) by sending packets at a high rate, aka Bug ID CSCts37717.

CVE-2012-1366
Published: 2014-04-23
Cisco IOS before 15.1(1)SY on ASR 1000 devices, when Multicast Listener Discovery (MLD) tracking is enabled for IPv6, allows remote attackers to cause a denial of service (device reload) via crafted MLD packets, aka Bug ID CSCtz28544.

CVE-2012-3062
Published: 2014-04-23
Cisco IOS before 15.1(1)SY, when Multicast Listener Discovery (MLD) snooping is enabled, allows remote attackers to cause a denial of service (CPU consumption or device crash) via MLD packets on a network that contains many IPv6 hosts, aka Bug ID CSCtr88193.

CVE-2012-3918
Published: 2014-04-23
Cisco IOS before 15.3(1)T on Cisco 2900 devices, when a VWIC2-2MFT-T1/E1 card is configured for TDM/HDLC mode, allows remote attackers to cause a denial of service (serial-interface outage) via certain Frame Relay traffic, aka Bug ID CSCub13317.

Best of the Web