DEFT

Software Details:
Version: 8.2 / Zero (2017.1) updated
Upload Date: 9 Mar 17
Distribution Type: Freeware
Downloads: 1406

Rating: 1.8/5 (Total Votes: 9)

DEFT stands for Digital Evidence and Forensic Toolkit and it's an open source distribution of Linux built around the DART (Digital Advanced Response Toolkit) software and based on the Ubuntu operating system.

Designed for police and military investigators

It has been designed from the ground up to offer some of the best open source computer forensics and incident response tools that can be used by individuals, IT auditors, investigators, military, and police.

However, the distro's strongest point is the huge collection of computer forensic tools that have their own entry in the operating system's main menu, called DEFT. The applications are organized into specific categories, including analysis, antimalware, data recovery, hashing, imaging, mobile forensics, network forensics, OSINT, password recovery, and reporting tools.

Distributed as a dual-arch Live DVD

The project is distributed as a single Live DVD ISO image that can be easily written to a blank or RW DVD disc, as well as deployed onto a USB flash drive. Supported architectures include both 32-bit and 64-bit hardware platforms.

It includes support for three languages, English, Spanish and Italian, selectable from the boot prompt of the Live DVD ISO image, which can also be used to install the operating system on a disk drive, boot an existing OS, or run a memory diagnostic test.

Uses the lightweight LXDE desktop environment and includes popular apps

The distribution can be started in graphical mode or in text mode. It uses the lightweight LXDE desktop environment and includes popular applications like Google Chrome and Mozilla Firefox web browsers, Transmission BitTorrent client, Pidgin instant messenger, VLC Media Player, LibreOffice office suite, and Audacious audio player.

Also included are the Midnight Commander two-panel and PCManFM file managers, the GParted disk partitioning tool, the Disks disk management utility, and a mount manager.

Bottom line

In conclusion, DEFT is a lightweight, fast and easy-to-use Ubuntu/Lubuntu-based Linux distribution designed to help you to recover data from damaged drives and broken operating systems.

What is new in this release:

  • Among the biggest features: support for NVMExpress memories (MacBook ed. 2015), eMMC memories and UEFI.

What is new in version 8.2:

  • Fixed a bug that in some conditions prevented the system from being installed;
  • Fixed the bug of DNS on /etc/resolv.conf;
  • Fixed the bug of the apt-get sources.list;
  • Improved device recognition in live-mode;
  • Updated all packages to the latest Ubuntu release available for Quantal.

What is new in version 8.1:

  • File Manager: we implemented the disk mount's status (if the disk is mounted in RO mode the eject button will be green; if it's in RW mode, which requires a further confirmation before going into this mode, the eject button will be orange),
  • Full support for Bitlocker encrypted disks (thanks libbde!),
  • The Sleuthkit 4.1.3,
  • Digital Forensics Framework 1.3,
  • Full support for Android and iOS 7.1 logical acquisitions ( libmobiledevice & adb ),
  • JD GUI,
  • Skype Extractor 0.1.8.8,
  • Maltego 3.4 Tungsten,
  • a new version of the OSINT browser,
  • Fixed a bug in the /etc/apt/sources.list,
  • full update of the deft packages and DART 2 software and tools,

What is new in version 8 Beta:

  • 64 bit 3.5.0-30 GNU Linux Kernel - brought down the limit of 4GB. Now you can use DEFT Linux on systems that have up to 256 TB of RAM
  • The Sleuthkit 4 (the stable version of DEFT 8 will include The Sleuthkit 4.1) and Autopsy 2 - Ready for Autopsy 3 on Linux (only for Law Enforcement)
  • Digital Forensics Framework 1.3
  • Libewf and AFFlib full support
  • Xmount and Mount Ewf
  • Guymager 0.7.1, Cyclone 0.2 and Esximager
  • Recoll 1.19.5, software for indexing
  • Bulk extractor 1.3.1 with Bulk extractor GUI 1.3
  • Dumpy 0.2, an intelligence parsing tool to extract sensible data from anonymous dump - many thanks to Gianni Amato (guelfoweb) for the exclusive right
  • Skype extractor
  • Log2timeline 0.65
  • iPBA 2 and Lib iMobile device 1.1.5 (full iOS 6.* support)
  • Fastboot - re-flash Android partition tool
  • Google Chrome Open Source INTelligence browser and TOR
  • Maltego Radium (there is a problem here, we are waiting for Paterva support to fix it, sorry for that)
  • Xplico 1.0.1 and CapAnalysis

What is new in version 7.2:

  • Virtual appliance based on Vmware 5 with USB3 support
  • Kernel 3.0.0-26
  • Autopsy 3 beta 5 (using Wine - please note that you need minimum 1GB ram)
  • Log2timeline 0.65
  • Guymager 0.6.12-1
  • Vmfs support
  • Some mirror fix

What is new in version 7.1:

  • Bug Fix:
      • Hb4most and xterm's problem fixed
      • Gparted
  • Updated packages:
      • libewf-20120304
      • bulk_extractor-1.2.0.tar.gz
      • guymager 0.6.5-1
      • iPhone Backup Analyzer 10/2012
      • Xplico 1.0
  • Computer Forensics side new tools:
      • UsnJrnl-parser
      • lslnk
  • New implementations:
      • After the great work done by Emanuele Gentili and Sandro Rossetti, we are delighted to introduce you to the Cyber Intelligence side implementations, and we'd like to remind you that today there is no other freely distributed system that allows you to perform Intelligence tasks:
      • OSINT:
          • "OSINT Chrome browser": we customized Chrome with several plugins and resources to perform 'Open Source Intelligence' related activities,
      • Network Information Gathering:
          • Host
          • Nslookup
          • Dig
          • Nmap
          • Zenmap
          • Netcat
          • Snmpcheck
          • Nbtscan
          • Cadaver
          • Traceroute
          • Hping3
          • Xprobe
          • Scapy
          • Netdiscover
      • Wireless Information Gathering:
          • Kismet
      • Web Application Information Gathering:
          • Whatweb
          • Cmsident
          • Dirbuster
          • Burpsuite
          • Customized Chrome Browser (at least 1gb ram required)
      • Social Information Gathering:
          • Creepy
          • Snmpcheck
          • PieSpy
          • Irssi
      • Identity Protection Tools:
          • TOR-Browser
          • Anonymouse (http://anonymouse.org/anonwww.html)
      • OSINT Global Framework:
          • Maltego
          • Proactive Resources

What is new in version 7:

  • Based on Lubuntu 11.10
  • Installable Distro
  • Linux kernel 3.0.0-12, USB 3 ready
  • Libewf 20100226
  • Afflib 3.6.14
  • TSK 3.2.3
  • Autopsy 2.24
  • Digital Forensic Framework 1.2
  • PTK Forensic 1.0.5 DEFT edition
  • Pyflag
  • Maltego CE
  • KeepNote 0.7.6
  • Mobius Forensic
  • Xplico 0.7.1
  • Scalpel 2
  • Hunchbacked Foremost 0.6
  • Findwild 1.3
  • Bulk Extractor 1.1
  • Dropbox Reader
  • Emule Forensic 1.0
  • Guymager 0.6.3-1
  • Dhash 2
  • Cyclone wizard acquire tool
  • Ipddump
  • Iphone Analyzer
  • Iphone backup analyzer
  • SQLite Database Browser 2.0b1
  • BitPim 1.0.7
  • Bbwhatsapp database converter
  • RegRipper
  • Creepy 0.1.9
  • Hydra 7.1
  • Log2timeline 0.60
  • Wine 1.3.28

What is new in version 6.1:

  • Start faster by 15% over the previous version
  • Optimization initrd
  • RegTime.py
  • Recovery.py
  • Fixed:
  • Fixed problem of large pcap file uploads in Xplico
  • Revision of all DEFT Extra's tools to comply with their License.
  • DEFT 6 can boot from USB

What is new in version 6:

  • [new] Update FTK Imager from 2.9 to 3
  • [new] Update Digital Forensic Framework from 0.8 to 0.9
  • [new] Added Xmount 0.4.4
  • [new] Added mount_ewf utility
  • [bug fix] Wrong Guymager release, now it is 0.5.7
  • [bug fix] Fixed iso md5 file check
  • [bug fix] Fixed some grammatical errors

What is new in version 5.1:

  • Update: Sleuthkit 3.1.1 and Autopsy 2.24
  • Update: Xplico to 0.5.7 (100% support of SIP - RTP codec g711, g729, g722, g723 and g726, SDP and RTCP)
  • Update: Initrd
  • Bug fix: Dhash report (reports were not generated)
  • Bug fix: DEFT Extra bug fix (a few tools did not work if the operator clicked on their icons, added the dd tool for x64 machines)
