The SIFT Workstation is a collection of free and open-source incident response and forensic tools designed to perform detailed digital forensic examinations in a variety of settings. It can match any current incident response and forensic tool suite. SIFT demonstrates that advanced incident response capabilities and deep-dive digital forensic techniques can be accomplished using cutting-edge open-source tools that are freely available and frequently updated.
Click the 'Login to Download' button above and input (or create) your SANS Portal account credentials to download the virtual machine. Once you have booted the virtual machine, use the credentials below to gain access.
Having trouble downloading SIFT? If you are having trouble downloading the SIFT Workstation VM, please contact sift-support@sans.org and include the URL you were given, your public IP address, your browser type, and whether you are using a proxy of any kind.
1. Install Windows Subsystem for Linux (WSL) according to Microsoft’s latest guidance, currently located at https://docs.microsoft.com/en-us/windows/wsl/install-win10. The SIFT distribution can be installed on either WSL version 1 or version 2.
2. Choose Ubuntu 22.04 during the WSL installation process.
3. Launch the Ubuntu Bash shell and elevate to root (**sudo su**) to avoid permission issues during the installation process.
4. Install the latest Cast binary from its release page.
5. Run '**sudo cast install --mode=server teamdfir/sift-saltstack**' to install the latest version of SIFT in WSL.
6. Congrats -- you now have a SIFT Workstation in Windows!
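
A pre-flight check for the WSL steps above, as an added example that is not part of the original page or the SIFT project: it confirms a WSL kernel, Ubuntu 22.04, a root shell, and a `cast` binary on PATH before the install command is run. The function names and messages are hypothetical, and the WSL test is a heuristic on the contents of /proc/version.

```shell
#!/bin/sh
# Added example: pre-flight checks for the SIFT-on-WSL steps above.
# Function names and messages are hypothetical; only the final
# "cast install" command line is taken from the page.

# True if the given os-release file describes Ubuntu 22.04.
is_ubuntu_2204() {
    grep -qx 'ID=ubuntu' "$1" 2>/dev/null &&
        grep -Eqx 'VERSION_ID="?22\.04"?' "$1" 2>/dev/null
}

# True if the kernel version string looks like WSL 1 or WSL 2.
# Heuristic: both report "Microsoft"/"microsoft" in /proc/version.
is_wsl() {
    grep -qi 'microsoft' "$1" 2>/dev/null
}

# Print one line per check and return the number of failed checks.
# Args: os-release path, /proc/version path, effective uid.
sift_preflight() {
    failures=0
    check() {   # check "<description>" <command...>
        desc="$1"; shift
        if "$@" >/dev/null 2>&1; then echo "ok:   $desc"
        else echo "FAIL: $desc"; failures=$((failures + 1)); fi
    }
    check "kernel looks like WSL"        is_wsl "$2"
    check "distribution is Ubuntu 22.04" is_ubuntu_2204 "$1"
    check "shell is running as root"     [ "$3" -eq 0 ]
    check "cast binary is on PATH"       command -v cast
    return "$failures"
}

# Report on the current system; nothing is installed or changed here.
if sift_preflight /etc/os-release /proc/version "$(id -u)"; then
    echo "Ready: sudo cast install --mode=server teamdfir/sift-saltstack"
else
    echo "Resolve the FAIL lines before running cast install."
fi
```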
The SIFT Workstation is a key tool during incident response, helping incident responders identify and contain advanced threat groups. It provides robust capabilities for analyzing file systems, network evidence, memory images, and more.
File system support
Evidence Image Support
Incident Response Support
Software Includes:
REMnux® is a Linux toolkit for reverse-engineering and analyzing malicious software. REMnux provides a curated collection of free tools created by the community. Analysts can use it to investigate malware without having to find, install, and configure the tools. REMnux is used in SANS FOR610: Reverse Engineering Malware.
REMnux can be added to a SIFT Workstation installation. To install REMnux, first install the SIFT Workstation using the instructions found above. Then, follow these instructions to add the REMnux components.