
SANS SIFT Tools: Forensic Analysis on Windows and Linux Systems

   

Added on  2022-11-09

SANS SIFT TOOLS
By [Student Name]
Course name
Professor’s Name
Institution
Location of Institution
Date
SANS SIFT Tools
The SANS SIFT tools are forensic programs made available for performing forensic analysis on various sets of images (Shrivastava, et al., 2018). They can be used on both Windows and Linux systems, either on a local computer or on a remote server (Lucas, 2018). This lab project required exploring the tools available within the SIFT ensemble (Altheide & Carvey, 2011).
The analysis had to be conducted on a remote server with the SIFT tools pre-installed (Cerri, 2015). To begin the exercise, a successful connection to the remote server had to be made through a secure shell.
The SIFT ensemble contains a list of software and Python scripts that are downloaded upon installation of the system on a workstation. The following screenshot shows a list of Python scripts that are available within the bins folder, which are related to the SIFT software.
Sample Evidence File
A sample evidence file was downloaded as an E01 image file from https://www.digital-detective.net/example/2011-10-19-Image.zip into the cases folder on the Desktop. It was unzipped into the same folder as shown below.
1. Mounting the E01 file onto the system
The first step is to enter super-user mode using the sudo su command and then mount the E01 file, using the ewfmount tool, onto the /mnt/ewf_mount/ location.
Operating System Information
In order to check the details of the operating system, the command file <mounted image> is used. The image under investigation is of a computer running Microsoft Windows Vista. The file system is NTFS.
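The mounting and identification steps described above can be scripted as follows. This is an added example, not part of the original report: the function names, the signature check performed before mounting, and the ewf1 file name under the mount point are assumptions of the example.

```shell
#!/usr/bin/env bash
# Added example: verify that a file is an E01 (EWF) image, mount it with
# ewfmount, and identify the exposed raw image with file(1).
# Run as root on the SIFT workstation (the report uses "sudo su").

# First 8 bytes of an EWF-E01 segment file: "EVF" 09 0d 0a ff 00
EWF_MAGIC="455646090d0aff00"

# is_e01 FILE
# Returns 0 if FILE starts with the EWF-E01 signature,
# 1 if it does not, 2 if FILE does not exist.
is_e01() {
    [ -f "$1" ] || return 2
    sig=$(head -c 8 "$1" | od -An -tx1 | tr -d ' \n')
    [ "$sig" = "$EWF_MAGIC" ]
}

# mount_and_identify IMAGE [MOUNTPOINT]
# Refuses anything that is not an E01 image, so a mistyped path or a
# still-zipped download is caught before the mount is attempted.
mount_and_identify() {
    image=$1
    mnt=${2:-/mnt/ewf_mount}
    is_e01 "$image" || { echo "not an E01 image: $image" >&2; return 1; }
    command -v ewfmount >/dev/null 2>&1 \
        || { echo "ewfmount not installed" >&2; return 3; }
    mkdir -p "$mnt" && ewfmount "$image" "$mnt" || return 4
    # ewfmount exposes the decoded raw image as a file named ewf1
    # (assumed here); file(1) reports the boot sector / file system type.
    file "$mnt/ewf1"
}

# Only act when an image path is passed on the command line.
if [ "$#" -gt 0 ]; then
    mount_and_identify "$@"
fi
```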