The SIFT Workstation contains well over 200 forensics, incident response, and pentesting tools pre-installed. Many fan favorites like Volatility, Plaso/log2timeline, and RegRipper have been updated to the latest versions.

Tools like ddrescue and testdisk have long been useful when dealing with damaged drives or partitions.

Malware analysis tools like pdf-parser, UPX, and radare2 are available for use, along with the CyberChef web app for all of your decoding needs. Foundational forensic tools like The Sleuth Kit and the incredible libyal libraries are pre-installed providing simple access to file system forensics and parsing of formats as diverse as Windows Volume Shadow Copies, OST files, and the WinEVTX format.

SIFT supports forensic images in expert witness format (E01), advanced forensic format (AFF), and raw (dd) formats in addition to newer archive formats like VHDX.

Virtualization software like Qemu, Docker, Wine, and the FUSE libraries make adding new software projects and working with unusual file formats possible. SIFT maintains both Python2 and Python3 support with many forensic-centric libraries pre-installed making it easy to import and immediately start using the ever-growing number of DFIR tools written in Python.

Get your copy of SIFT here.

From Chad Tilbury and the folks at SANS