SANS Investigative Forensic Toolkit (SIFT) Advanced

Included in your paid tuition, you will receive the SANS Investigative Forensic Toolkit (SIFT) Advanced. Using the hardware and software in this toolkit, you will gain first-hand experience in collecting and analyzing evidence recovered from a system under investigation. You will learn best practices on how to investigate and recover deleted data. The course will demonstrate how forensic tools recover evidence so you can articulate how the tool works in-depth. We will examine various investigation methodologies and techniques, discovering new places to find evidence and discover the tracks of a motivated suspect, who is trying to stay hidden.

The SIFT Kit Advanced consists of:

• Single Licensed Copy of HELIX3 Pro CD for Live Response and Data Acquisition
• Hard Drive USB evidence acquisition kit for SATA/IDE hard drives 1.8"/2.5"/3.5"/5.25"
• SANS VMware based Forensic analysis workstation equipped to investigate forensic data (Download SIFT Toolkit)
• Course DVD loaded with case examples, tools, and documentation
• Best-selling book "File System Forensic Analysis" by Brian Carrier

New Addition! The SIFT Kit Advanced will now include a single version Helix3 Pro that will be individually licensed to each student. Helix3 Pro is a brand new acquisition and analysis framework. This license is for the current release of Helix3 Pro only and does not include the Helix Pro subscription. As a result, students will not receive access to the Helix forum, white papers, webinars, and additional Helix software downloads.

• Works on Mac OS X, Windows, and Linux.
• Simplified Live Analysis with both Memory and Disk Acquisition
• Built in Memory Analysis
• Boots most Intel x86 machines including Mac OS X

Note: The SANS Investigative Forensic Toolkit (SIFT) Advanced is included with SECURTITY 508: Computer Forensic And E-Discovery Essentials.

For those attending SEC508 at SANS NS2009 the essentials kit is available for purchase