Only for Italian

We are pleased to present the first public edition of the Tiger Analyst Investigator course, which will be held in Bologna from 5 to 8 March 2012.

The TAI certification course, based on the DEFT Linux distribution, is a one-of-a-kind programme that covers the investigative phase, the analysis of results and the production of digital evidence.

A recognised professional certification, taught by the DEFT Linux developers themselves, which is becoming a MUST for all professionals in the field who deal with digital investigation, as well as for those who simply dream of entering this world professionally.

The TAI certification course is organised into daily 8-hour lessons over 4 days.

Registration for this session closes on Saturday 18 February 2012.

Register NOW!

syllabus: http://www.tigersecurity.it/sicurezza-difensiva/formazione/certificazione-tai/syllabus-tiger-analyst-investigator/index.aspx
calendar: http://www.tigersecurity.it/calendario-formazione/index.aspx

Hi people!

The “DEFT team” (formed by me, Massimiliano Dal Cero, Sandro Rossetti, Paolo Dal Checco, Davide “Rebus” Gabrini, Emanuele Gentili, Meo Bogliolo, Marco Giorgi and Valerio Leomporra) is pleased to announce the release of the stable version of DEFT 7, the first toolkit able to perform Computer Forensics, Mobile Forensics, Network Forensics, Incident Response and Cyber Intelligence.
DEFT 7 comprises:

  • a GNU/Linux based system optimized for Computer Forensics and Cyber Intelligence activities, installable or able to run in live mode;
  • DART (Digital Advanced Response Toolkit), a graphical user interface that handles – in a safe environment – the execution of “Incident Response” and Live Forensics tools.

Due to lack of time it was not possible to complete the user manual, therefore it will be released next week. For the same reason we weren’t able to integrate the whole Cyber Intelligence section, nor were we able to publish the new website, which will be online by the end of March 2012.

As someone who passed away would say, “DEFT 7 IS THE BEST DEFT VERSION EVER” :-)

Download DEFT Linux 7, DART stand-alone and the DEFT 7 virtual appliance from our mirrors (please wait for all mirrors to sync).

The default root password for the DEFT virtual appliance is deft.

There is no root password for DEFT Linux live.

Please report bugs or suggestions on launchpad or by sending an e-mail to bugs [at] deftlinux.net.

The following are the main features of DEFT Linux/DART:

  • Based on Lubuntu 11.10
  • Installable Distro
  • Linux kernel 3.0.0-12, USB 3 ready
  • Libewf 20100226
  • Afflib 3.6.14
  • TSK 3.2.3
  • Autopsy 2.24
  • Digital Forensic Framework 1.2
  • PTK Forensic 1.0.5 DEFT edition
  • Pyflag
  • Maltego CE
  • KeepNote 0.7.6
  • Mobius Forensic
  • Xplico 0.7.1
  • Scalpel 2
  • Hunchbackeed Foremost 0.6
  • Findwild 1.3
  • Bulk Extractor 1.1
  • Dropbox Reader
  • Emule Forensic 1.0
  • Guymager 0.6.3-1
  • Dhash 2
  • Cyclone wizard acquire tool
  • Ipddump
  • Iphone Analyzer
  • Iphone backup analyzer
  • SQLite Database Browser 2.0b1
  • BitPim 1.0.7
  • Bbwhatsapp database converter
  • RegRipper
  • Creepy 0.1.9
  • Hydra 7.1
  • Log2timeline 0.60
  • Wine 1.3.28

DART

DART is a graphical interface that checks the integrity of each tool before its execution.

  • 7zip
  • Advanced Password Recovery
  • AviScreen
  • BlackBag IOReg Info
  • BlackBag PMAP Info
  • CamStudio
  • ClamWin
  • ConTools
  • Database Browser
  • dcfldd (for Windows)
  • DeepBurner
  • DiskDigger
  • Don’t Sleep
  • DriveMan
  • EMFSpoolViewer
  • Emule MET viewer
  • Eraser Portable
  • f3e
  • FastStone Viewer
  • FATwalker
  • FAU x64
  • FAU x86
  • FileAlyzer 2
  • FileInfo
  • fmem
  • FSV Thumbs Extractor
  • FTK Imager
  • FTK Imager CLI (Win, Linux, Mac)
  • GMER
  • Gsplit
  • Harvester
  • HDDRawCopy
  • Historian
  • HWiNFO
  • HWiNFO32 and HWiNFO64
  • HxD
  • ICESword
  • index.dat Analyzer
  • IrfanView (with plugins)
  • JAD EDD
  • JAD Facebook JPG Finder
  • Jam-Software Treesize
  • Jam-Software UltraSearch
  • JPEGsnoop
  • LAN Search Pro 32/64
  • Lime Juicer
  • LimeWire Library Parser v4 and v5
  • Lnkexaminer
  • ltfviewer
  • Mail-Cure for Outlook Express
  • Mandiant Audit Viewer
  • Mandiant Memoryze
  • Mandiant RestorePointAnalyzer
  • Mandiant Web Historian
  • md5deep for Windows
  • md5summer
  • MDD
  • MediaPlayerClassic (x86/x64)
  • Mitec Mail Viewer
  • MiTec Structured Storage Viewer
  • Mitec Windows File Analyzer
  • Mitec Windows Registry Rescue
  • NetSetMan
  • Nigilant32
  • Nirsoft Access PassView
  • Nirsoft AlternateStreamView
  • Nirsoft Asterisk Logger
  • Nirsoft AsterWin
  • Nirsoft AsterWin IE
  • Nirsoft Bluetooth Viewer
  • Nirsoft BulletsPassView x86 and x64
  • Nirsoft ChromeCacheView
  • Nirsoft ChromeCookiesView
  • Nirsoft ChromeHistoryView
  • Nirsoft ChromePass
  • Nirsoft CurrPorts x86 and x64
  • Nirsoft CurrProcess
  • Nirsoft Dialupass
  • Nirsoft Enterprise Manager PassView
  • Nirsoft FirefoxDownloadsView
  • Nirsoft FlashCookiesView
  • Nirsoft FoldersReport
  • Nirsoft HashMyFiles
  • Nirsoft IE Cache View
  • Nirsoft IE Cookies View
  • Nirsoft IE History View
  • Nirsoft IE PassView
  • Nirsoft InsideClipboard
  • Nirsoft LiveContactsView
  • Nirsoft LSASecretsDump x86 and x64
  • Nirsoft LSASecretsView x86 and x64
  • Nirsoft Mail PassView
  • Nirsoft MessenPass
  • Nirsoft Mozilla Cache View
  • Nirsoft Mozilla Cookies View
  • Nirsoft Mozilla History View
  • Nirsoft MUICacheView
  • Nirsoft MyEventViewer (also x64)
  • Nirsoft MyLastSearch
  • Nirsoft NetResView
  • Nirsoft Netscapass
  • Nirsoft Network Password Recovery x86 and x64
  • Nirsoft OpenedFilesView (also x64)
  • Nirsoft OperaCacheView
  • Nirsoft OperaPassView
  • Nirsoft OutlookAttachView (also x64)
  • Nirsoft PasswordFox
  • Nirsoft PCAnywhere PassView
  • Nirsoft ProcessActivityView
  • Nirsoft Protected Storage PassView
  • Nirsoft PstPassword
  • Nirsoft RecentFilesView
  • Nirsoft RegScanner (also x64 and win98)
  • Nirsoft Remote Desktop PassView
  • Nirsoft Safari Cache View
  • Nirsoft ServiWin
  • Nirsoft SkypeLogView
  • Nirsoft SmartSniff (x86 and x64)
  • Nirsoft StartupRun
  • Nirsoft USBDeview x86 and x64
  • Nirsoft UserAssistView
  • Nirsoft UserProfilesView
  • Nirsoft VideoCacheView
  • Nirsoft VNCPassView
  • Nirsoft WebBrowserPassView
  • Nirsoft WhatInStartup
  • Nirsoft Win9x PassView
  • Nirsoft WinPrefetchView
  • Nirsoft Wireless Network View
  • Nirsoft WirelessKeyView x86 and x64
  • Notepad++ (with Hexedit and LightExplorer)
  • NTFSwalker
  • On-screen keyboard
  • OTFE Volume File Finder
  • PC On/Off Time
  • Photostudio
  • pre-search
  • ProDiscover Basic Free
  • Props
  • QCC FragView
  • QCC Gigaview
  • QCC VideoTriage
  • RefWolf Prefetch-Parser
  • Registry Decoder Live 32/64
  • Registry Report
  • RegRipper Plugin
  • RHash
  • RootRepeal
  • Sanderson Forensic Copy
  • Sanderson Forensic Image Viewer
  • Sanderson List Codecs
  • Sanderson OLEDeconstruct
  • Screeny
  • SDHash
  • Search my files
  • SecurityXploded PasswordSuite
  • SecurityXploded SpyDLLRemover
  • ShadowExplorer
  • SoftPerfect Network Scanner (x86/x64)
  • Spartacus
  • SPLViewer
  • SQLite Database Browser
  • SSDeep
  • StreamFinder
  • SumatraPDF
  • Svchost Process Analyzer
  • System Scaner
  • TCHunt
  • Teracopy Portable
  • testdisk/photorec Win/Lin/Mac x86/x64
  • The Sleuth Kit (win32)
  • Thumo
  • TightVNC
  • TrID (defs 31.10.2011)
  • TrIDnet (defs 31.10.2011)
  • Tuluka
  • Ultra File Search
  • Undelete 360
  • Universal Extractor
  • Universal Viewer Free
  • USB WriteProtector
  • Vidpreview
  • VLC Portable
  • WinAudit and WinAudit Unicode
  • Windows Forensic Toolchest
  • WipeDisk
  • XnView
  • ZeroView

Enjoy DEFT 7!

Stefano Fratepietro

Finally we were able to realize a very stable DEFT Linux 7 release, solving all the problems responsible for postponing the release date for RC1. We performed several tests on different computer platforms: laptops, servers and desktop PCs. Our main focus was on Lenovo, DELL, ASUS, Acer, Apple and IBM laptops, IBM and DELL servers, as well as Acer, Lenovo and Dell desktop PCs. We tested everything both booting as a live CD and installing the distro on the test machine: the compatibility tests succeeded with excellent results.
From this year DEFT 7 will also add more support for mobile forensics: we added several tools that allow you to analyze files and databases used in new generation smartphones (Android and iPhone). From the next release there will be a section completely dedicated to Cyber Intelligence.
There has also been a complete review of the reporting functionalities: we included KeepNote, an excellent tool that allows the logical organization of collected evidence.
As for the official roadmap, we still have a small delay in releasing DART (Digital Advanced Response Toolkit), which will be available when it is STABLE, probably in the final release of the DEFT 7 distro by the end of this month. In the final Deft 7.0 (including DART) release you will also find a pre-configured vmware virtual appliance and a stand-alone version of DART, along with the user’s guide (Italian version; we plan to publish the English translation in the first half of 2012).

Below you can find the main new features in DEFT Linux 7:
- Based on Lubuntu 11.10
- Installable Distro
- Linux kernel 3.0.0-12, USB 3 ready
- Libewf 20100226
- Afflib 3.6.14
- TSK 3.2.3
- Autopsy 2.24
- Digital Forensic Framework 1.2
- PTK Forensic 1.0.5 DEFT edition
- Maltego CE
- KeepNote 0.7.6
- Xplico 0.7.1
- Scalpel 2
- Hunchbackeed Foremost 0.6
- Findwild 1.3
- Bulk Extractor 1.1
- Emule Forensic 1.0
- Guymager 0.6.3-1
- Dhash 2
- Cyclone wizard acquire tool
- SQLite Database Browser 2.0b1
- BitPim 1.0.7
- Bbwhatsapp database converter
- Creepy 0.1.9
- Hydra 7.1
- Log2timeline 0.60
- Wine 1.3.28

This year the volunteers’ collaboration with the project was extraordinary! Besides me (SteveFratepietro), these heroes have actively contributed to the project:

- Massimiliano Dal Cero: DART coauthor, who also wrote some implementations on the Linux side
- Sandro Rossetti, Paolo Dal Checco, Valerio Leomporra and Davide Gabrini: for DART tools selection and beta testing
- Meo Bogliolo: for Hunchbackeed Foremost
- Marco Giorgi: for Cyclone
- Emanuele Gentili and Sandro Rossetti: for the Cyber Intelligence and OSINT part (it will be released in the first quarter of 2012)

A heartfelt GRAZIE (thank you) to all of you.

We are grateful to the people of Cyber Marshal (www.cybermarshal.com) for allowing us to include the Dropbox Reader™ scripts in the final stable release of Deft 7.

The gold release of DEFT 7 will be released on January 31, 2012.

Please report any bugs here: https://launchpad.net/deft – bug[at]deftlinux.net

Download DEFT Linux 7 RC1 – md5: 082384050a762c4bf617a79223c89d69

Hi all,
We have almost finished our job on the new version of DEFT but we do not feel ready to release a public beta yet.
The DEFT Linux side is 90% ready and we are testing the installation on different kinds of hardware (Sony Vaio, MacBook Pro / Air, iMac, Lenovo ThinkPad, DELL PCs and servers).
Our new project, an Incident Response manager, DART (Digital Advanced Response ToolKit), is 80% completed. The portability tests were successful: DART can run on all Microsoft Windows systems and will make the execution of Live Forensic and Incident Response activities easier.

We take this opportunity to wish you all a Merry Christmas! Our Xmas gift will arrive around the second week of January.

Hello everyone!
For some important needs of international computer forensic experts and our community, we decided to release this micro update that allows you to create the “super timeline” using the log2timeline (0.60) utility.

You can download the new release using our mirror.

One other thing… Here is a small preview of one of the great innovations of DEFT 7: Maltego!
Maltego is an open source intelligence and forensics application. It will offer you timous mining and gathering of information as well as the representation of this information in an easy to understand format. With this and other implementations, DEFT is pointing to the needs of enterprise customers, with special attention to the needs of the organization of information and documentation of evidence.

Enjoy DEFT Linux!