Attacks/Breaches
1/7/2014
11:33 AM
Dark Reading
Dark Reading
Products and Releases
Connect Directly
RSS
E-Mail
50%
50%

SANS Investigative Forensic Toolkit (SIFT) Workstation Version 3.0 To Debut At DFIRCON

SIFT 3.0 is a group of free open-source forensic tools designed to perform detailed digital forensic examinations

BETHESDA, Md., Jan. 6, 2014 /PRNewswire-USNewswire/ -- SANS Institute today announced it will debut a new version of its popular digital forensic examination toolkit, SIFT Workstation, at the upcoming SANS Digital Forensics and Incident Response Training Event (DFIRCON -- pronounced d?-'f?r-'kän) in Monterey, CA, March 5 - 10. SIFT 3.0 is a complete rebuild of the previous SIFT version and features the latest digital forensic tools available today.

Offered free of charge, the SIFT 3.0 Workstation will debut during SANS'

Advanced Computer Forensic Analysis and Incident Response course (FOR508) at DFIRCON. SIFT 3.0 demonstrates that advanced investigations and responding to intrusions can be accomplished using cutting-edge open-source tools that are freely available and frequently updated.

"Even if SIFT were to cost tens of thousands of dollars, it would still be a very competitive product," says, Alan Paller, director of research at SANS. "At no cost, there is no reason it should not be part of the portfolio in every organization that has skilled forensics analysts."

Developed and continually updated by an international team of forensic experts, the SIFT is a group of free open-source forensic tools designed to perform detailed digital forensic examinations in a variety of settings. With over

100,000 downloads to date, the SIFT continues to be the most popular open-source forensic offering next to commercial source solutions.

"The SIFT Workstation has quickly become my "go to" tool when conducting an exam. The powerful open source forensic tools in the kit on top of the versatile and stable Linux operating system make for quick access to most everything I need to conduct a thorough analysis of a computer system," said Ken Pryor, GCFA Robinson, IL Police Department.

Key new features of SIFT 3.0 include:

-- Ubuntu LTS 12.04 Base

-- 64 bit base system

-- Better memory utilization

-- Auto-DFIR package update and customizations

-- Latest forensic tools and techniques

-- VMware Appliance

-- Ready to tackle forensics

-- Cross compatibility between Linux and Windows

-- Option to install stand-alone via (.iso) or use via VMware

Player/Workstation

About DFIRCON

This unique Digital Forensics and Incident Response (DFIR) event brings SANS'

most popular forensics courses, instructors, and bonus seminars together in one place. It is one of the industry's most comprehensive DFIR training experiences.

DFIRCON will be held in in Monterey, CA, March 5 - 10, 2014. For more information, including panel and discussion overviews, a complete list of instructors, or to register for the event or one of the courses offered via simulcast, please visit: http://www.sans.org/info/147850

About SANS Institute

The SANS Institute was established in 1989 as a cooperative research and education organization. SANS is the most trusted and, by far, the largest source for world-class information security training and security certification in the world, offering over 50 training courses each year. GIAC, an affiliate of the SANS Institute, is a certification body featuring over 27 hands-on, technical certifications in information security. SANS offers a myriad of free resources to the InfoSec community including consensus projects, research reports, and newsletters; it also operates the Internet's early warning system--the Internet Storm Center. At the heart of SANS are the many security practitioners, representing varied global organizations from corporations to universities, working together to help the entire information security community.

(www.SANS.org)

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading, September 16, 2014
Malicious software is morphing to be more targeted, stealthy, and destructive. Are you prepared to stop it?
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-5700
Published: 2014-09-22
Multiple cross-site scripting (XSS) vulnerabilities in Baby Gekko before 1.2.2f allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to admin/index.php or the (2) username or (3) password parameter in blocks/loginbox/loginbox.template.php to index.php. NOTE: some o...

CVE-2014-0484
Published: 2014-09-22
The Debian acpi-support package before 0.140-5+deb7u3 allows local users to gain privileges via vectors related to the "user's environment."

CVE-2014-2942
Published: 2014-09-22
Cobham Aviator 700D and 700E satellite terminals use an improper algorithm for PIN codes, which makes it easier for attackers to obtain a privileged terminal session by calculating the superuser code, and then leveraging physical access or terminal access to enter this code.

CVE-2014-3595
Published: 2014-09-22
Cross-site scripting (XSS) vulnerability in spacewalk-java 1.2.39, 1.7.54, and 2.0.2 in Spacewalk and Red Hat Network (RHN) Satellite 5.4 through 5.6 allows remote attackers to inject arbitrary web script or HTML via a crafted request that is not properly handled when logging.

CVE-2014-3635
Published: 2014-09-22
Off-by-one error in D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8, when running on a 64-bit system and the max_message_unix_fds limit is set to an odd number, allows remote attackers to cause a denial of service (dbus-daemon crash) or possibly execute arbitrary code by sending one m...

Best of the Web
Dark Reading Radio