SIFT
SIFT is a digital forensics toolkit that serves as a metadata repository for discussions and issue tracking related to forensic investigations. The toolkit includes several components: - Cast for installation management (replacement for the deprecated SIFT CLI) - SaltStack for executing forensic tasks and configurations - Packer for building machine images - Package-scripts for building specific forensic packages SIFT supports Ubuntu distributions including 20.04 (Focal) and 22.04 (Jammy). Installation is performed using the command 'sudo cast install teamdfir/sift-saltstack'. Cloud deployment options are available through AWS, which provides headless AMIs with the default user 'sansforensics' under account ID 469658012540. The toolkit is designed to provide forensic investigators with a comprehensive environment for digital evidence analysis and case management.
FEATURES
SIMILAR TOOLS
A library to access and parse Windows XML Event Log (EVTX) format, useful for digital forensics and incident response.
A PowerShell-based incident response and live forensic data acquisition tool for Windows hosts.
Stegextract is a Bash script that extracts hidden files and strings from images, supporting PNG, JPG, and GIF formats.
TestDisk is a free data recovery software that can recover lost partitions and undelete files from various file systems.
Zenduty's platform provides real-time operational health monitoring and incident response orchestration to improve incident response times and build a solid on-call culture.
A comprehensive incident response tool for Windows computers, providing advanced memory forensics and access to locked systems.
A digital forensics tool that provides read-only access to file-system objects from various storage media types and file formats.
A library for accessing and parsing Microsoft Internet Explorer cache files (index.dat) to extract URLs, timestamps, and cached content for digital forensic analysis.
PINNED
Proton Pass is a cross-platform password manager that provides encrypted storage, password generation, and security monitoring features with integrated 2FA and dark web monitoring capabilities.
NordVPN is a commercial VPN service that encrypts internet connections and hides IP addresses through a global network of servers, featuring integrated threat protection and multi-device support.
Fractional CISO service that helps B2B companies implement security leadership to win enterprise deals, achieve compliance, and develop strategic security programs.
Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.
Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.
DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.