SIFT was developed by an international team of digital forensic experts who frequently update the toolkit with the latest FOSS forensic tools to support current.

The free SIFT workstation, which can match any modern forensic tool suite, is also directly featured and taught in SANS' Advanced Computer Forensic Analysis and Incident Response course (FOR 508).

It covers some of the core methods for extracting data from SQLite databases.

The SANS Investigative Forensic Toolkit (SIFT) Workstation is an Ubuntu-based Linux Distribution ("distro") that is designed to support digital forensics (a.

SIFT Workstation™, created by Rob Lee, is a powerful toolkit for examining forensic artifacts related to file system, registry, memory,.


Over the past year, 20,000 individuals have downloaded the SIFT workstation, and it has become a staple in many organizations' key tools to perform investigations.

This documentation is meant for developers of SIFT or those interested in the low-level details (programming interfaces, public APIs, overall designs, etc.).

SANS DFIR Cheatsheets to Help Use the Tools in the Field.

SIFT demonstrates that advanced investigations and responding to intrusions can be accomplished using cutting-edge open-source tools that are freely.

It is compatible with expert witness format (E01), advanced forensic format (AFF), raw (dd), and memory analysis evidence formats.

The SIFT Workstation is a collection of tools for forensic investigators and incident responders, put together and maintained by a team at SANS, specifically Rob Lee. It is also available bundled as a virtual machine.

Two examples are the SANS FOR508: Advanced Incident Response training course (SANS Institute, n.

