DEFT – Live CD for Forensic Analysis

DEFT (acronym for Digital Evidence & Forensics Toolkit) is a distribution made for computer forensics, designed to run live on a system without tampering with or corrupting the devices (hard disks, pendrives, etc.) connected to the PC where the boot process takes place. DEFT is based on GNU Linux and can run live (via DVD-ROM or USB pendrive), be installed, or run as a virtual appliance on VMware or VirtualBox. DEFT employs LXDE as its desktop environment and WINE for executing Windows tools under Linux. It features a comfortable mount manager for device management.

DEFT is paired with DART (acronym for Digital Advanced Response Toolkit), a forensics system which can be run on Windows and contains the best tools for forensics and incident response. DART features a GUI with logging and integrity checking for the tools it contains. DEFT is currently employed in several places, including military, government officers, law enforcement, investigators, expert witnesses, IT auditors, universities and individuals.

The latest release includes the following enhancements:

  • Official support for the new Apple Macbook and Macbook Pro
  • Guymager 0.8.8 with Afflib support
  • VeraCrypt 1.22
  • Resource control panel integrated on the desktop
  • The Sleuthkit 4.1.3
  • Digital Forensics Framework 1.3
  • Full support for Android and iOS 7.1 logical acquisitions (via libmobiledevice & adb)
  • Skype Extractor
  • Maltego 3.4 Tungsten
  • A new version of the OSINT browser

You can read more and download the latest version on the following link:
