Re: [sleuthkit-users] SIFT workstation -- was "Autopsy analysis problem"
From: Paul D. B. <pau...@po...> - 2010-04-02 01:01:34
Brad Celestin wrote:
> I am quite new to Linux forensics, but I have quickly developed a deep
> appreciation for how versatile many of the available tools are and how
> knowledgeable many of the people using them are.
>
> I recently downloaded the SIFT 2.0 workstation from SANS.org which has
> sleuthkit and autopsy 2.22 built into a VMware virtual machine. I also
> installed Fedora 12 and the latest version of autopsy as a second OS.
> Utilizing both of these I have been able to import a raw and an E01
> image into the program, but when I go to the analyze screen the /File
> Analysis, File Type, and Meta Data/ tabs are grayed out. Additionally,
> when I go to /Create Data File/ under /File Activity Timelines/ there
> are no images available for me to select. What am I missing?
>
> Thanks,
> Brad Celestin

Brad,

I suggest that you ask any questions regarding the SIFT workstation (SIFTW) on _another_ mailing list (ML), to wit: wi...@ya...

Why? Well, the primary creator of the SIFTW is Rob Lee (of Mandiant), who is active on that mailing list, whereas, AFAICT, he does not comment much (if at all) on this ML -- perhaps because he is not subscribed hereto? Dunno.

Keep in mind the audience for SIFTW: Windows users who do _not_ want to install Linux. If you already installed a Linux distribution that is designed for digital forensic (DF) examinations (e.g., SMART Linux or Caine Ubuntu), then SIFTW will likely avail you of no benefit whatsoever. That is my understanding.

I suspect that VERY few participants hereon have not already installed Linux. I suspect that the overwhelming majority of the participants hereon have been using Linux for years, but I concede that I have no way of confirming that suspicion. For these DF examiners, SIFTW is not necessarily useful.

Sincerely,
Paul Bain