SIFT Workstation
DOWNLOAD & INSTALL SIFT WORKSTATION
Option 1: SIFT VM Appliance Download:
- Login = sansforensics
- Password = forensics
Option 2: SIFT Easy Installation:
- Download Ubuntu 16.04 ISO file and install Ubuntu 16.04 on any system
- Install SIFT-CLI using these install instructions
- Run 'sudo sift install' to install the latest version of SIFT
- Congrats -- you now have a SIFT workstation!!
- Login = sansforensics
- Password = forensics
SIFT Workstation Documentation & Links
SIFT Workstation Overview
Why SIFT?
The SIFT Workstation is a group of free open-source incident response and forensic tools designed to perform detailed digital forensic examinations in a variety of settings. It can match any current incident response and forensic tool suite. SIFT demonstrates that advanced incident response capabilities and deep-dive digital forensic techniques for intrusions can be accomplished using cutting-edge open-source tools that are freely available and frequently updated.
Who Created the SIFT?
Rob Lee and his team created and continually update the SIFT Workstation. It is successfully used for incident response and digital forensics and is available to the community as a public service. With over 100,000 downloads to date, the SIFT continues to be the most popular open-source incident response and digital forensic offering next to commercial solutions.
Offered as an open source and free project, the SIFT Workstation is taught only in the following incident response courses at SANS:
"Even if SIFT were to cost tens of thousands of dollars, it would still be a very competitive product," says Alan Paller, director of research at SANS. "At no cost, there is no reason it should not be part of the portfolio in every organization that has skilled incident responders."
"The SIFT Workstation has quickly become my 'go to' tool when conducting an exam. The powerful open source forensic tools in the kit on top of the versatile and stable Linux operating system make for quick access to most everything I need to conduct a thorough analysis of a computer system," said Ken Pryor, GCFA, Robinson, IL Police Department.
Key new features of SIFT include:
- Ubuntu LTS 16.04 Base
- 64-bit base system
- Better memory utilization
- Auto-DFIR package update and customizations
- Latest forensic tools and techniques
- VM Appliance ready to tackle forensics
- Cross compatibility between Linux and Windows
- Option to install stand-alone system via SIFT-CLI installer
- Expanded Filesystem Support
Download SIFT Workstation VM Appliance
Having trouble downloading SIFT?
If you are having trouble downloading the SIFT Kit, please contact sift-support@sans.org and include the URL you were given, your IP address, browser type, and if you are using a proxy of any kind.
SIFT Login/Password:
After downloading the toolkit, use the credentials below to gain access.
- Login = sansforensics
- Password = forensics
- $ sudo su -
- Use to elevate privileges to root while mounting disk images.
Manual SIFT Installation
Installation
Our goal is to make the installation (and upgrade) of the SIFT workstation as simple as possible, so we created the SIFT Command Line project, a self-contained binary that can be downloaded and executed to convert your Ubuntu installation into a SIFT workstation. Check the entire project out at https://github.com/sans-dfir/sift
To install SIFT on an Ubuntu 16.04 system:
- Install Ubuntu 16.04 on a system
- Download and install SIFT-CLI Tool by following these install instructions here: https://github.com/sans-dfir/sift-cli#installation
- $ sudo sift install
To install SIFT on a Windows 10 system:
- Install Windows 10 Creators Edition or later on a system
- Open PowerShell as Administrator and run: Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Windows-Subsystem-Linux
- Launch the Ubuntu Bash Shell from a Windows PowerShell or command prompt
- Download and install SIFT-CLI Tool by following these install instructions here: https://github.com/sans-dfir/sift-cli#installation
- $ sudo sift install
SIFT Workstation Capabilities
The SIFT Workstation is a key tool during incident response, helping incident responders identify and contain advanced threat groups. It provides the ability to securely examine raw disks, multiple file systems, and evidence formats. It places strict guidelines on how evidence is examined (read-only), verifying that the evidence has not changed.
File system support
- NTFS (NTFS)
- iso9660 (ISO9660 CD)
- hfs (HFS+)
- raw (Raw Data)
- swap (Swap Space)
- memory (RAM Data)
- fat12 (FAT12)
- fat16 (FAT16)
- fat32 (FAT32)
- ext2 (EXT2)
- ext3 (EXT3)
- ext4 (EXT4)
- ufs1 (UFS1)
- ufs2 (UFS2)
- vmdk
Evidence Image Support
- raw (Single raw file (dd))
- aff (Advanced Forensic Format)
- afd (AFF Multiple File)
- afm (AFF with external metadata)
- afflib (All AFFLIB image formats (including beta ones))
- ewf (Expert Witness format (encase))
- split raw (Split raw files) via affuse
  - affuse - mount 001 image/split images to view single raw file and metadata
- split ewf (Split E01 files) via mount_ewf.py
  - mount_ewf.py - mount E01 image/split images to view single raw file and metadata
  - ewfmount - mount E01 images/split images to view single raw file and metadata
Incident Response Support
- Rapid Scripting and Analysis
- Threat Intelligence and Indicator of Compromise Support
- Threat Hunting and Malware Analysis Capabilities
Software Includes:
- log2timeline (Timeline Generation Tool)
- Rekall Framework (Memory Analysis)
- Volatility Framework (Memory Analysis)
- 3rd Party Volatility Plugins
- bulk_extractor
- autopsy
- afflib
- afflib-tools
- ClamAV
- dc3dd
- imagemounter
- libbde
- libesedb
- libevt
- libevtx
- libewf
- libewf-tools
- libewf-python
- libfvde
- libvshadow
- lightgrep
- log2timeline
- Plaso
- Qemu
- regripper and plugins
- SleuthKit
- Hundreds of additional tools
SIFT Workstation and REMnux Compatibility
Important Note: The current version of REMnux only works with Ubuntu 14.04, NOT 16.04. Therefore it is currently NOT compatible with the newest version of the SIFT workstation. However, once REMnux is updated to work with 16.04, it will be compatible with SIFT.
SIFT Workstation How-Tos
Report Bugs
As with any release, there will be bugs and requests; please report all issues and bugs to the following website and location.
SIFT Recommendations
SIFT workstation is playing an essential role for the Brazilian national prosecution office, especially due to Brazilian government budgetary constraints. Its incident response and forensic capabilities are bundled in a way that allows an investigation to be conducted much faster than it would take if not having the right programs grouped on such a great Linux distribution. The new version, which will be bootable, will be even more helpful. I'd highly recommend SIFT for government agencies or other companies as a first alternative, for acquisition and analysis, from the pricey forensics software available on the market.
- Marcelo Caiado, M.Sc., CISSP, GCFA, EnCE
What I like the best about SIFT is that my forensic analysis is not limited because of only being able to run an incident response or forensic tool on a specific host operating system. With the SIFT VM Appliance, I can create snapshots to avoid cross-contamination of evidence from case to case, and easily manage system and AV updates to the host OS on my forensic workstation. Not to mention, being able to mount forensic images and share them as read-only with my host OS, where I can run other forensic tools to parse data, streamlining the forensic examination process.
- Brad Garnett www.digitalforensicsource.com
On-Site Virtualization to Improve Business Agility & Reduce Costs
Facilitate Multi-Location Data Redundancy & Recovery
Faster Server Deployment to Minimize Disruptions
Traditionally, the capital expense of purchasing a new server and getting it installed, configured, and data migrated from an old server can cost your business a lot of time and money. By taking advantage of our cost-efficient services, you can rest easy with the knowledge that we'll find you the best deal on a quality piece of hardware. From planning to integration, RDI understands every component of a new server and can help you seamlessly transition during a time when disruptions are minimal for your team.
By having a future-proof server migration and management strategy for server infrastructure and data management, your organization can budget effectively, plan for upgrades over time, and replace components before end-of-life to conserve IT resources.
Server Deployment Features & Benefits
- Domain Services
- File & Print Services
- Redundant Data Backup Solutions
- Redundant Server Power Solutions
- Secure Data Migrations
- Secure Data Archival
- Installation & System Testing
- Managed Security Services
- Efficient IT Maintenance & Increased Security
- Customized Price Modeling
- System Planning for Server Life-Cycle
- Server Decommissioning
What Is Server Virtualization?
Server virtualization and Storage Area Networks (SANs) are ideal for medium-sized and enterprise businesses that use 3 or more servers or have servers that are outdated and/or overloaded. Server virtualization tools reduce the need for physical hardware systems by allowing multiple operating systems (OS) to run independently of each other on virtual machines (VMs) in a data center. The resulting increase in resource utilization lowers the overall server costs.
Virtualization software, called a hypervisor, encapsulates the operating system and provides a shim layer between it and the hardware resources. This means resources such as processors, memory, and SSDs or disks can be shared across multiple virtual machines. Configuring and maintaining local virtualized servers has traditionally been complex, which drives businesses to use public cloud vendors.
True to form, RDI provides fully managed, local virtualization environments to allow your business to scale, take ownership of data, reduce costs, and eliminate support headaches that big vendors cause.
How Do I Know A SAN Is Right For My Business?
A business that has 2 or more servers and/or lots of virtual machines or applications could be a good candidate to consider adding a Storage Area Network (SAN). When virtualization is paired with a SAN, multiple business locations or multiple virtual servers can share data storage to further reduce costs. SANs facilitate enterprise-class data redundancy for multiple-location businesses and can provide fast SSD storage or slower tiered disk storage depending upon application needs.
For example, databases may require SSDs, but backups may be okay on slower tiered storage. By storing local backups and having data redundancy, SANs create a high-availability environment for businesses and help minimize data recovery time objectives (RTOs). In advanced configurations, RDI can also provide real-time data mirroring between locations for critical geographic redundancy.
Reduce Hardware Complexity
Often, a business may have multiple hosted SaaS (software as a service) or hosted PaaS (platform as a service) applications that don’t work well together. For example, an email server and an accounting software application may not work well together due to security requirements, policies, software configurations, etc. So instead of having two expensive servers to run both applications separately, a business can virtualize their servers to allow both applications to run on virtual machines instead. This reduces hardware complexity and maintenance requirements while yielding recovery, backup, and performance benefits.
Server Virtualization Features & Capabilities
Run Multiple Virtual Machines on the Same Hardware
Patch or Backup Virtual Machines Without Interrupting Service
Centrally Control & Optimize Virtual Machine Environments
Layered Security for Hypervisors, Hosts, & Virtual Machines
Capability to Unite Multiple Locations With Centralized VMs
Reduce Costly Energy & Cooling Expenses for Many Physical Servers
Migrate Live Virtual Machines Between Hosts During Scheduled Maintenance
High-Availability, High-Reliability Operations to Ensure Business Continuity
Easily Add Virtual Machines or Adjust Resources to Keep up With Your Evolving Needs
Monitor Server Health, Reduce Performance Bottlenecks, & Easily Rebalance Workloads