SIFT Update 3

SIFT Update 3

Introduction

As we are coming to an end working at the Senator Leahy Center for Digital Investigation, we are closer to completing our final report. Our last post was about recovering artifacts and keyword searches. Due to time issues and inexperience, our team couldn’t recover deleted files.

Experience

Throughout the semester, working at the LCDI with the SIFT-workstation has been a refreshing challenge. Coming into the Center has always been a fun and engaging experience. We’ve learned vital information, especially in regards to digital forensics. We’ve even been exposed to the Linux Command Line.

Researching the SIFT-workstation from SANS also exposed us to quite a bit of information about SANS. The more we have learned, the more we have realized how exciting the digital forensics field can be. From a first year student’s perspective, technical jargon and new information can be daunting. With the amount of easy-to-read information that SANS has put out, our team agrees that learning becomes simpler.

In regards to the Linux Command Line, our team was subjected to the experience of learning syntax, system commands, and other programs. Both my partner and I have heard from our professors that these skills are integral as investigators. Having that experience is important to us as aspiring students.

Since we are nearing the end of our time on this project, our team has focused on learning how to generate timelines and search clusters. We’ve also looked into bulk extraction and learned that these are typical and required tasks in this field.

Conclusion

In the end, our experience at the LCDI has been overwhelmingly positive and beneficial. We were exposed to and learned from largely important topics which is an opportunity we’ll always be grateful for. Although our team didn’t meet every expectation we had, we still experienced much more than we expected out of the internship.