SANS faculty members maintain two popular Linux distributions for performing digital forensics and incident response (DFIR) work. SIFT Workstation™, created by Rob Lee, is a powerful toolkit for examining forensic artifacts related to file system, registry, memory, and network investigations. REMnux®, created by Lenny Zeltser, focuses on malware analysis and reverse-engineering tasks. These freely available toolkits can be combined on a single host to create the ultimate forensication machine.