Monday, January 31, 2011

2010 Toolsmith Tool of the Year: SIFT 2.0

As voted by you, the readers, the 2010 Toolsmith Tool of the Year is SIFT 2.0.
The SANS Investigative Forensic Toolkit (SIFT) Workstation Version 2.0, as discussed in May's ISSA Journal, is a Linux distribution that is preconfigured for forensic investigations. Created by Rob Lee for the SANS 508 track, SIFT 2.0 includes all the tools a forensic analyst/incident responder would require to conduct a thorough system investigation. I particularly favor it for memory analysis - grab a memory image from your victim system; pull it back to your SIFT VM and get down to business in no time flat.

Of 76 votes, SIFT 2.0 came in first with 24 votes (31.6%).
Rounding out the top five:
2) Firefox Addons for Security Practitioners with 20 votes (26.3%)
3) SamuraiWTF with 18 votes (23.7%)
4) NetWitness Investigator with 12 votes (15.8%)
5) Confessor and MOLE with 8 votes (10.5%)



On behalf of the ISSA Journal and I, congratulations to Rob Lee and his team!

del.icio.us | digg | Submit to Slashdot

Please support the Open Security Foundation (OSVDB)

No comments: