DEFT (Digital Evidence & Forensic Toolkit) is a Linux distribution made up of a GNU/Linux system and the DART (Digital Advanced Response Toolkit) suite; it is dedicated to digital forensics and other intelligence activities.
The very first version of DEFT Linux was released in 2005, and it is now one of the main solutions used by law enforcement agencies during computer forensic investigations.
In addition to a considerable number of Linux scripts and applications, DEFT also includes the DART suite, which contains Windows applications (both closed source and open source) that are included because no equivalent exists in the Unix world.
There are certain characteristics inherent in DEFT that minimize the risk of altering the data that is being subjected to analysis.
Some of these features are:
- During boot, the system does not use any swap partition found on the system being analysed.
- On system startup, no automatic mount scripts are run.
- None of the mass storage and network traffic acquisition tools alter the data being acquired.
- There are no automated systems performing any activity during the analysis of evidence.
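The point of these characteristics is that an acquisition must be provably read-only: the source must hash identically before and after imaging, and the image must hash identically to the source. The script below is an added example written for this page, not part of DEFT or DART; it uses plain `dd` and `sha256sum` (GNU coreutils) so it runs anywhere, whereas on DEFT you would typically let `dc3dd`, `dcfldd` or `sha256deep` compute the hash during acquisition. The "evidence" it images is a constructed random file standing in for a block device.

```shell
#!/bin/sh
# Added example (not DEFT code): acquire an image read-only and prove that
# neither the source nor the copy deviates. Assumes POSIX sh, dd, awk and
# sha256sum; the sample "device" is a constructed 64 KiB random file.

# hash_of FILE -> prints the SHA-256 digest of FILE
hash_of() {
    sha256sum "$1" | awk '{print $1}'
}

# verify_image SRC IMG
# Compares the digest of the original source with the digest of the image.
# Returns 0 when they match bit for bit, 1 otherwise.
verify_image() {
    src_hash=$(hash_of "$1")
    img_hash=$(hash_of "$2")
    printf 'source: %s\nimage:  %s\n' "$src_hash" "$img_hash"
    [ "$src_hash" = "$img_hash" ]
}

# acquire_and_verify SRC DST
# Hashes SRC, images it into DST with dd (SRC is only ever opened for
# reading), then checks that SRC is unchanged and that DST equals SRC.
acquire_and_verify() {
    src="$1"; dst="$2"
    before=$(hash_of "$src")
    dd if="$src" of="$dst" bs=4096 2>/dev/null || return 1
    after=$(hash_of "$src")
    # The acquisition itself must not have touched the source.
    [ "$before" = "$after" ] || { echo 'source altered during acquisition' >&2; return 1; }
    verify_image "$src" "$dst"
}

# make_sample_evidence FILE: writes a constructed 64 KiB "device" for the demo
make_sample_evidence() {
    dd if=/dev/urandom of="$1" bs=1024 count=64 2>/dev/null
}

# Demonstration: image the constructed device and report the outcome.
demo_dir=$(mktemp -d)
make_sample_evidence "$demo_dir/evidence.bin"
if acquire_and_verify "$demo_dir/evidence.bin" "$demo_dir/evidence.dd"; then
    echo 'acquisition verified: source unchanged, image identical'
else
    echo 'acquisition FAILED verification'
fi
rm -rf "$demo_dir"
```

In practice you would record the digests in the case notes alongside the acquisition time and the tool used; the same `verify_image` check is what you rerun whenever the image changes hands.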
Here are some of the applications in DEFT:
- ptk forensic
- Maltego CE
- KeepNote
- Sleuthkit
- autopsy
- dff
- Emule Forensic
- dhash
- libewf
- hunchbackeed file carver
- Findwild
- Bulk Extractor
- dc3dd
- foremost
- photorec
- mount manager
- afflib
- Wipe
- hexdump
- outguess
- Disk Utility
- guymager
- ddrescue
- dcfldd
- scalpel
- iphone backup analyzer
- iphone analyzer
- creepy
- xprobe2
- sqlite database browser
- bitpim
- bbwhatsapp database converter
- Dropbox reader
- john
- catfish
- pasco
- md5sum
- xmount DEFT edition
- readpst
- chkrootkit
- rkhunter
- md5deep
- sha1deep
- sha256deep
- sha1sum
- sha224sum
- sha256sum
- sha512sum
- pdfcrack cracking tool
- fcrackzip cracking tool
- testdisk
- ghex, light gtk hex editor
- vinetto
- Xplico DEFT edition
- Clam Antivirus
- mc
- dmraid
- log2timeline
- rifiuti2
- Wine
- mobius forensic
- Wireshark
- ettercap
- nmap
- Hydra