SIFT review in the ISSA Toolsmith, (Tue, May 4th)
Russ McRee over at holisticinfosec.org has once again written an excellent ISSA Toolsmith article. This article is a review/tutorial of SIFT - SANS Investigative Forensic Toolkit. SIFT is Rob Lee's open source forensic toolkit used for the SANS SEC508. Daniel Wesemann announced the availability of SIFT in a previous diary.
As usual Russ provides good insight into the high points of SIFT including how to install and configure SIFT. He then walks you through some of the features of SIFT by performing a basic investigation of a memory image.
While the article only scratches the surface, it is definitely worth the read if you are interested in forensics using open source tools.
-- Rick Wanner - rwanner at isc dot sans dot org
(c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.