SIFT Cheat Sheet

Forensic analysts serve on the front lines of computer investigations. This guide aims to support DFIR analysts in their quest to uncover the truth. This cheat sheet is intended as a reference for important forensics tools and techniques available on the SANS Linux SIFT Workstation. Topics covered include mounting evidence, recovering data, timeline creation, and detailed file system analysis. This broad reference guide also serves as a reminder of the many Linux-based digital forensics and incident response capabilities available.

July 8, 2024