SIFT Workstation 2.12 Release and ChangeLog

Due to several issues with libewf and minor bugs found in log2timeline and log2timeline-sift, we have released a new version of the SIFT Workstation. This is not a major release, but I did have time to go through and refresh many of the packages built into it. The next release will update the Ubuntu backend and will be a major update.

There are a lot of cool new little utilities that have been added and that are worth taking some time to explore. If you find any bugs, please let me know by commenting on this post or contacting me at rlee ‘at’ sans.org.

http://computer-forensics11.sans.org/community/downloads

SIFT WORKSTATION Version 2.12 Changes

Updated –

  • AFFLIB Updates
  • log2timeline 0.62
  • log2timeline-sift 11-6
  • RegRipper Plugins (20111118)
  • Volatility Update
  • sleuthkit 3.2.3
  • libewf updates (fixed most bugs)
  • reglookup 1.0.1
  • scalpel 2.0
  • libpff
  • libesedb
  • libmsiecf
  • liblnk2
  • liblnk
  • libolecf
  • usp .13
  • lp .46
  • pf .92
  • maclookup
  • parse_evtx
  • Linux_MFT_Parser_GUI

Added –

  • dff – Digital Forensic Framework
  • shellbags (by Willi Ballenthin)
  • INDXParse (by Willi Ballenthin)
  • python-registry
  • maltego
  • body_outliers
  • srch_strings_wrap and associated scripts
  • libbfio
  • raw2vmdk.jar
  • Volatility Timeliner

Published by

Rob Lee

Rob Lee is an entrepreneur and consultant in the Washington DC area, specializing in information security, incident response, and digital forensics. Rob is currently the curriculum lead and author for digital forensic and incident response training at the SANS Institute in addition to owning his own firm. Rob has more than 15 years of experience in computer forensics, vulnerability and exploit discovery, intrusion detection/prevention, and incident response. Rob graduated from the U.S. Air Force Academy and served in the U.S. Air Force as a founding member of the 609th Information Warfare Squadron, the first U.S. military operational unit focused on information warfare. Later, he was a member of the Air Force Office of Special Investigations (AFOSI) where he led a team conducting computer crime investigations, incident response, and computer forensics. Prior to starting his own firm, he directly worked with a variety of government agencies in the law enforcement, U.S. Department of Defense, and intelligence communities as the technical lead for a vulnerability discovery and an exploit development team, lead for a cyber forensics branch, and lead for a computer forensic and security software development team. Rob was also a director for MANDIANT, a company focused on investigating advanced adversaries, such as the APT, for four years prior to starting his own business. Rob co-authored the book Know Your Enemy, 2nd Edition. Rob earned his MBA from Georgetown University in Washington DC. He was awarded the Digital Forensic Examiner of the Year from the Forensic 4Cast Awards. Rob is also an ardent blogger about computer forensics and incident response topics at the SANS Computer Forensic Blog. Rob is also a co-author of the MANDIANT threat intelligence report M-Trends: The Advanced Persistent Threat.