DEFT - Computer Forensic Live System

DEFT (Digital Evidence & Forensic Toolkit) is a Linux distribution made up of a GNU/Linux system and DART (Digital Advanced Response Toolkit), a suite dedicated to digital forensics and intelligence activities.


The first version of Linux DEFT was introduced in 2005, and it is currently one of the main solutions employed by law enforcement agencies during computer forensic investigations. 

In addition to a considerable number of Linux applications and scripts, DEFT also features the DART suite containing Windows applications (both open source and closed source) which are still viable as there is no equivalent in the Unix world.


There are certain characteristics inherent to DEFT that minimize the risk of altering the data being subjected to analysis.

Some of those features are:
  • On boot, the system does not use the swap partitions on the system being analyzed.
  • During system startup there are no automatic mount scripts.
  • There are no automated systems for any activity during the analysis of evidence.
  • None of the mass storage and network traffic acquisition tools alter the data being acquired.

Here are some of the applications included in DEFT:
  • Sleuthkit 
  • autopsy  
  • dff  
  • ptk forensic 
  • Maltego CE 
  • KeepNote  
  • hunchbacked file carver
  • Findwild 
  • Bulk Extractor 
  • Emule Forensic 
  • dhash 
  • libewf  
  • aff lib  
  • Disk Utility  
  • guymager  
  • dd rescue   
  • dcfldd  
  • dc3dd  
  • foremost  
  • photorec  
  • mount manager  
  • scalpel
  • Wipe  
  • hex dump 
  • outguess   
  • sqlite database browser  
  • bitpim  
  • bbwhatsapp database converter 
  • Dropbox reader 
  • iphone backup analyzer  
  • iphone analyzer 
  • creepy  
  • xprobe2 
  • xmount DEFT edition 
  • readpst  
  • chkrootkit  
  • rkhunter  
  • john 
  • catfish  
  • pasco  
  • md5sum 
  • sha1sum 
  • sha224sum 
  • sha256sum 
  • sha512sum 
  • md5deep 
  • sha1deep 
  • sha256deep 
  • pdfcrack cracking tool 
  • fcrackzip cracking tool 
  • Clam Antivirus  
  • mc  
  • dmraid 
  • testdisk  
  • ghex, light gtk hex editor 
  • vinetto 
  • Xplico DEFT edition 
  • Wireshark 
  • ettercap  
  • nmap  
  • Hydra 
  • log2timeline 
  • rifiuti2 
  • Wine 
  • mobius forensic


