DEFT X – Forensics Virtual Appliance

DEFT X is a ready-made virtual appliance with several incident response and forensics tools that help in investigating security incidents. The distribution is based on Ubuntu Mate 18.04, with kernel version 4.15.0-36-generic, and will have a number of advanced programs for network forensics with pcap files and recorded packets, data recovery, password recovery, picture forensics and malware analysis.

Timeline analysis tools help display logs for the required time frame, so an incident responder can find the required artifacts and analyze what happened during the attack across different log sources.

The system supports Blackberry, Android and iOS mobile forensics. For Android there is Adb, ver 1.0.36, revision 1:7.0.0+r33-2, Apktool, ver 2.3.4, Bitpim, ver 1.0.7 and Fastboot, ver 28.0.1-4986621. For Blackberry there is Ipddump, which allows the user to explore the content of a Blackberry backup file and extract the information to a file. For iOS there are Idevicebackup2 and Iphonebackupanalyzer, a utility designed to easily browse through the backup folder of an iPhone or iOS device.

For live memory forensics you can find the following tools:

  • Evolve, ver 2.7.15rc1
  • Evtxtract, ver 0.2.2
  • Rekall, ver 1.7.2.rc1
  • Volatility, ver 2.6
  • volutility, ver 1.2

You can read more and download this virtual appliance over here: