SIFT SANS

Added on Jun 2025

About SIFT SANS

SIFT can analyse evidence in RAW (dd), AFF (Advanced Forensic Format), and E01 (Expert Witness Format) formats. It includes a wide array of utilities, such as log2timeline, Scalpel, Rifiuti, and many more. These tools can parse data files, sift through deleted files, and even construct a timeline from the information found in system logs. When you first enter the SIFT environment, you'll find a detailed explanation of where to look for evidence on a system.