What Is SANS SIFT (SANS Investigative Forensic Toolkit)?
The SANS SIFT Workstation aka the SANS Investigative Forensic Toolkit is a computer forensics Virtual Machine appliance for VirtualBox and VMware.
The computer forensics VM by SANS Institute is preloaded with several useful tools for digital forensic professionals which permits them to carry out comprehensive digital forensic examinations easily.
The toolkit is well suited with various formats such as the expert witness format, raw evidence formats, and advanced forensic format.
The toolkit not only works with VMWare Player and
This guide will show you how to install SANS SIFT Workstation on VirtualBox easily.
1. The first step is to download and install VirtualBox from the official site.
Ensure that you have the latest version of VirtualBox before proceeding.
2. Download the SIFT Workstation OVA file from the official SANS download page.
To download the OVA file, you must have a SANS account. If you do not, create a free one.
Wait until the SIFT-Workstation OVA file finishes downloading.
3. Import SIFT Workstation Virtual Machine Appliance.
Open the downloaded SIFT Workstation OVA file from the VirtualBox user interface via File > Import Appliance.
Feel free to change the name of the Virtual Machine, the
4. Launch the SANS SIFT Workstation Virtual Machine From VirtualBox.
To start SIFT, double click on the newly imported VM in VirtualBox.
The default account credentials for the SIFT Virtual Machine is:
Installing Guest Additions into the VM is not necessary.
We can fully use the SIFT computer forensics VM appliance without any issues.
We can make the screen size larger or go into full screen.
5. Create A Snapshot (Backup).
It’s a good idea to create a snapshot of the computer forensics VM appliance which would allow you to restore to the original VM if you experience technical issues or just want start off fresh again. This is great because you don’t have to go through the steps of importing the OVA files and altering the VM’s parameters again (VM name, cores utilized, amount of memory, etc.)
To create a snapshot
When the backup is created, we will see it in VirtualBox.
Creating a snapshot will save the SANS computer forensics virtual machine appliance’s current state which permits you to revert back whenever you would like.
This tutorial has illustrated how to install SANS SIFT Workstation on VirtualBox easily.
Therefore, we can see how digital forensic professionals can begin to take advantage of the essential tools in SANS SIFT for their investigations.