Having more than 100,000 downloads to date, SIFT continues to be a widely used open-source forensic and incident response tool.
Tools can be opened manually from the terminal window or with the help of top menu bar. It also explains where evidence can be found on a system. SIFT provides user documentation that allows you to get accustomed to the available tools and their usage. It comes with tools to carve data files, generate timeline from system logs, examine recycle bins, and much more. It supports analysis in advanced forensic format (AFF), expert witness format (E01) and RAW evidence (DD) format. SANS Investigative Forensic Toolkit (SIFT)īased on Ubuntu, SIFT has all the important tools needed to carry out a detailed forensic analysis or incident response study. These are multipurpose forensic toolkits that can carry out a number of detailed digital forensic tasks.