F8AID Attested · F8Sec
⬤ connecting…
SIFT Workstation
SANS Institute · Rob Lee  |  REMnux · Lenny Zeltser
🔐

SIFT Portal Access

Admin PIN or slot token issued at gate.portal.j0l1.com

Invalid token — check credentials

Invalid credentials

🔬

DFIR Artifact Investigation Portal

Upload any forensic artifact with its SHA256. Claude CLI on the SIFT workstation runs 55+ tools and produces a downloadable HTML report.

PE / DLL / SYS Memory Dump Disk Image (AFF/DD/E01) PCAP EVTX PDF · Email · ZIP
01 🗄️
Sample Artifacts — SIFT Workstation
Pre-staged forensic images from SANS competition cases. Click any artifact to prefill its hash for investigation.
Loading…
02 🌐
Live Threat Intel · Tria.ge Sandbox
Pull live malware samples directly from Tria.ge sandbox — family classification, C2 addresses, and sandbox PCAPs ready to investigate.
Click Load Top 10 to fetch latest malware from Tria.ge — pull samples or PCAPs directly to SIFT.
03 🎓
DFIR Teach Mode — Step-by-step AI Instruction
AI-led DFIR walkthrough on the SIFT workstation. Each command is explained before execution — methodology, tool choice, and real-world context.
Level:
Topic or scenario:
Teach from past case (optional):
Claude will reference real artifacts from the selected case during instruction.
04 🏆
HACKATHON-2026 — FIND EVIL! Competition
SRL-2018 memory images. vol3 preflight + E2E analysis with Volatility3 + SIFT. Click any image to begin.
Loading competition files…

🎓 DFIR Instruction

🔍 DFIR CHAT — Claude guides step by step
// Select a case or enter a topic above, then click START LESSON
sansforensics / f8sift2026!
⏳ Loading shell…
💻 SIFT Shell — follow along interactively
⏳ Loading shell… click SHELL READY below.
Shell credentials: sansforensics / f8sift2026!

Investigating…

🔧 sift-mcp tool calls

Investigation Report

⚗️ Upload & Cases
📤 Upload Artifact
📁

Drop artifact here
or click to browse
Max 500MB

SHA256 *required
Investigation Focus (optional)
Hash Lookup
📂 Cases
Loading…
PANEL ◀