content top

DEFT Linux 8 & DART 2 stable ready for download

Ladies & Gentleman,

first of all thank you for your precious suggestions/feedback on DEFT 8 beta!

Here we are! ūüôā¬†We did our best to turn the DEFT 8 beta into a stable one.

You can download the final STABLE DEFT 8 ISO (which now includes DART 2) from the following link

Download DEFT 8 Stable with DART 2
[md5: fcedb54176de7a3018adfa7571a3a626]

As usual, we suggest to check whether the md5 value we provide matches with the ISO’s you just downloaded on your PC.

We did check deft8 ¬†ISO for the most common bugs but we are human and pretty busy with our jobs so… if we missed something just drop a line to bug AT deftlinux DOT net. We will read every suggestions/bugfixes for the next release.

Stay tuned, because much more is yet to come, such as:

  • the release of the DEFT 8 Virtual Appliance (the pre-configured virtual machine you will be able to launch on your workstation by means of VMware Workstation/VMPlayer or Virtualbox);
  • the DEFT 8 User Manual (for now the¬†DEFT 7 user manual¬†is still valid);
  • the new/updated website.

As many of you already know, the DEFT project recently turned into a No Profit Association and we need funds to keep up the (hopefully good) work.

If you find the DEFT system useful or even crucial for your work, please consider a small donation: you don’t have to, but that would be really appreciated!

PayPal Donate Button

A big thank to the DEFT Team and to all the supporters.

Enjoy! ūüôā

Read More

Another delay….!

Unfortunately they are forced to postpone the release of deft further 10 days. The core is ready, but the graphics not jet.

Really sorry for this!


Read More

DART 2 beta ready for download

While we are working hard on the DEFT 8 Beta and the new layout of the DEFT site, We hope that the release of the standalone DART 2BETA can make you a little happier.
We think that DART 2 is one of the most advanced toolkit for Live Forensics and Incident Response analysis ( Actually we think that is the most advanced one but it doesn’t matter ūüôā ).¬†With its huge number of freely distributable tools (as stated in their license), DART 2 is the ideal suite that allows the operator to run a lot of applications in almost total safety.
These are some of the DART2 new main features:

– Even more powerful internal engine,
– More than 200 stand alone tools
– Tool Search Engine by keyword or file name
– Better categories management system
– Auto Copy&paste of the XML configuration’s hash

Please let us know about any bug or malfunctions you may find by posting it on our forum or by e-mail:

Download DART 2 beta, NOW!

Read More

DEFT 8 Roadmap and features

Hello World,

A little later than usual, We want to introduce you to some features of DEFT 8:

– Linux kernel 3.5.5
– First 64-bit Digital Forensics distro with a huge performance
increased compared to 32-bit systems
– DART 2.0 with more than 1GB of Live Forensics, Incident Response and
malware analysis software
– Sleuth Kit 4.0.2
– Libewf 20130128
– AFFLIB 3.3.6
– Guymager 0.6.13
– Bulk Extractor 1.3.1
– Log2timeline 0.65
– Xplico 1.0.1
– DFF 1.3
– PTK Forensics 3.0
– Maltego Radium CE
– IPBA2 plus WhatsApp, Viber and Skype chat analysis plugins

DEFT 8 will be available as a live DVD (it can also be installed on a
workstation), as a “mini live” for cloning activities of mass storage
unitis and as a VMware virtual appliance.
Deft 8 will be presented on the second Deftcon Conference held in
Bologna (Italy) on 19 April 2013.

Read More

DEFT Pen ready for download

Valerio Leomporra created two dd images of a DEFT USB Pen, one for device with 2GB and one for 4GB.

If you tried to build your own DEFT v7.x USB pendrive starting from ISO, by using some Windows automated tools (i.e. UNetbootin, PenDriveLinux tools or whatever), most probably you should have realized it won’t boot correctly.
While this approach is quite easly effective with many other Linux distros, it simply doesn’t work with the latest DEFT live.

This is mainly due to the huge compressed filesystem (squashfs), which is directly loop-mounted from the media at boot time: loopback files should be contigous and unfragmented.
Even the large number of DART files and directories could fragment/damage the FAT16/FAT32 USB partition, if not carefully managed.

That’s why we realized and just published an “official” pendrive dd-image series, ready to download and flash to your favorite USB device.

Minimal requirements:
– a working linux system (DeftLinux Live on ISO is excellent :D)
– a USB pendrive device, 4gb recommended / 2Gb minimal (deprecated, DART’s few tools included)

1) download the needed .dd.gz file from mirrors, to a working linux machine:
75c0cecce7a549db945704672ef5c935 * DeftPen_v710-usb_4gb.dd.gz
ba4af8c7972a2a91dd418af6aa7f84ab * DeftPen_v710-usb_2gb.dd.gz (deprecated)

2) verify hashes, decompress, verify again  (large files, twice is better):
md5sum *.dd.gz; gzip -d *.dd.gz; md5sum *.dd

3) plug your USB device, ensure it is NOT mounted in your system

4) write down it’s device name, i.e. /dev/sdx¬† (please notice there isn’t any trailing number)

5) flash your device:
dd if=DeftPen_v710-usb_?gb.dd of=/dev/sdx ; sync

6) reboot the system to test the your new pendrive¬† ūüôā

Lastly, if confident with the forensic tools, you can also do anything via a single line:
gzip -dc DeftPen_v710-usb_?gb.dd.gz | dcfldd hash=md5 of=/dev/sdx ; sync

Read More

DEFT 7 ready for download

Hi people!

The “DEFT team” (formed by me, Massimiliano Dal Cero, Sandro Rossetti, Paolo Dal Checco, Davide “Rebus” Gabrini, Emanuele Gentili, Meo Bogliolo, Marco Giorgi and Valerio Leomporra) is pleased to announce the release of the stable version of DEFT 7, the first toolkit able to perform Computer Forensics, Mobile Forensics, Network Forensics, Incident Response and Cyber ‚Äč‚ÄčIntelligence.
DEFT 7 comprises:

  • a GNU/Linux based system optimized for Computer Forensics and Cyber ‚Äč‚ÄčIntelligence activities, installable or able to run in live mode;
  • DART (Digital Advanced Response Toolkit) is a graphical user interface that handles – in a save environment – the execution of “Incident Response” and Live Forensics tools.

Due to lack of time it was not possible to complete the user manual, therefore it will be released next week. For the same reason we weren’t able to integrate the whole Cyber ‚Äč‚ÄčIntelligence section and neither were we able to publish the new site website which will be online by the end of march 2012.

As someone passed away would say “DEFT 7 IS THE BEST DEFT VERSION EVER” ūüôā

Download DEFT Linux7, DART stand-alone and DEFT 7 virtual appliance from our mirrors (please wait the sync of all mirror).

Default root password for DEFT virtual appliance is deft.

There isn’t root password for DEFT Linux live.

Please report bugs or suggestions on launchpad or by sending an e-mail to bugs [at]

Following are DEFT’s Linux/Dart’s main features:

  • Based on Lubuntu 11.10
  • Installable Distro
  • Linux kernel 3.0.0-12, USB 3 ready
  • Libewf 20100226
  • Afflib 3.6.14
  • TSK 3.2.3
  • Autopsy 2.24
  • Digital Forensic Framework 1.2
  • PTK Forensic 1.0.5 DEFT edition
  • Pyflag
  • Maltego CE
  • KeepNote 0.7.6
  • Mobius Forensic
  • Xplico 0.7.1
  • Scalpel 2
  • Hunchbackeed Foremost 0.6
  • Findwild 1.3
  • Bulk Extractor 1.1
  • Dropbox Reader
  • Emule Forensic 1.0
  • Guymager 0.6.3-1
  • Dhash 2
  • Cyclone wizard acquire tool
  • Ipddump
  • Iphone Analyzer
  • Iphone backup analyzer
  • SQLite Database Browser 2.0b1
  • BitPim 1.0.7
  • Bbwhatsapp database converter
  • Reggripper
  • Creepy 0.1.9
  • Hydra 7.1
  • Log2timeline 0.60
  • Wine 1.3.28


DART is a graphical interface that checks the integrity of each tool before its execution

  • 7zip
  • Advanced Password Recovery
  • AviScreen
  • BlackBag IOReg Info
  • BlackBag PMAP Info
  • CamStudio
  • ClamWin
  • ConTools
  • Database Browser
  • dcfldd (per Windows)
  • DeepBurner
  • DiskDigger
  • Don’t Sleep
  • DriveMan
  • EMFSpoolViewer
  • Emule MET viewer
  • Eraser Portable
  • f3e
  • FastStone Viewer
  • FATwalker
  • FAU x64
  • FAU x86
  • FileAlyzer 2
  • FileInfo
  • fmem
  • FSV Thumbs Extractor
  • FTK Imager
  • FTK Imager CLI (Win, Linux, Mac)
  • GMER
  • Gsplit
  • Harvester
  • HDDRawCopy
  • Historian
  • HWiNFO
  • HWiNFO32 e HWiNFO64
  • HxD
  • ICESword
  • index.dat Analyzer
  • IrfanView (con plugin)
  • JAD Facebook JPG Finder
  • Jam-Software Treesize
  • Jam-Software UltraSearch
  • JPEGsnoop
  • LAN Search Pro 32/64
  • Lime Juicer
  • LimeWire Library Parser v4 e v5
  • Lnkexaminer
  • ltfviewer
  • Mail-Cure for Outlook Express
  • Mandiant Audit Viewer
  • Mandiant Memoryze
  • Mandiant RestorePointAnalyzer
  • Mandiant Web Historian
  • md5deep for Windows
  • md5summer
  • MDD
  • MediaPlayerClassic (x86/x64)
  • Mitec Mail Viewer
  • MiTec Structured Storage Viewer
  • Mitec Windows File Analyzer
  • Mitec Windows Registry Rescue
  • NetSetMan
  • Nigilant32
  • Nirsoft Access PassView
  • Nirsoft AlternateStreamView
  • Nirsoft Asterisk Logger
  • Nirsoft AsterWin
  • Nirsoft AsterWin IE
  • Nirsoft Bluetooth Viewer
  • Nirsoft BulletsPassView x86 e x64
  • Nirsoft ChromeCacheView
  • Nirsoft ChromeCookiesView
  • Nirsoft ChromeHistoryView
  • Nirsoft ChromePass
  • Nirsoft CurrPorts x86 e x64
  • Nirsoft CurrProcess
  • Nirsoft Dialupass
  • Nirsoft Enterprise Manager PassView
  • Nirsoft FirefoxDownloadsView
  • Nirsoft FlashCookiesView
  • Nirsoft FoldersReport
  • Nirsoft HashMyFiles
  • Nirsoft IE Cache View
  • Nirsoft IE Cookies View
  • Nirsoft IE History View
  • Nirsoft IE PassView
  • Nirsoft InsideClipboard
  • Nirsoft LiveContactsView
  • Nirsoft LSASecretsDump x86 e x64
  • Nirsoft LSASecretsView x86 e x64
  • Nirsoft Mail PassView
  • Nirsoft MessenPass
  • Nirsoft Mozilla Cache View
  • Nirsoft Mozilla Cookies View
  • Nirsoft Mozilla History View
  • Nirsoft MUICacheView
  • Nirsoft MyEventViewer (anche x64)
  • Nirsoft MyLastSearch
  • Nirsoft NetResView
  • Nirsoft Netscapass
  • Nirsoft Network Password Recovery x86 e x64
  • Nirsoft OpenedFilesView (anche x64)
  • Nirsoft OperaCacheView
  • Nirsoft OperaPassView
  • Nirsoft OutlookAttachView (anche x64)
  • Nirsoft PasswordFox
  • Nirsoft PCAnywhere PassView
  • Nirsoft ProcessActivityView
  • Nirsoft Protected Storage PassView
  • Nirsoft PstPassword
  • Nirsoft RecentFilesView
  • Nirsoft RegScanner (anche x64 e win98)
  • Nirsoft Remote Desktop PassView
  • Nirsoft Safari Cache View
  • Nirsoft ServiWin
  • Nirsoft SkypeLogView
  • Nirsoft SmartSniff (x86 e x64)
  • Nirsoft StartupRun
  • Nirsoft USBDeview x86 e x64
  • Nirsoft UserAssistView
  • Nirsoft UserProfilesView
  • Nirsoft VideoCacheView
  • Nirsoft VNCPassView
  • Nirsoft WebBrowserPassView
  • Nirsoft WhatInStartup
  • Nirsoft Win9x PassView
  • Nirsoft WinPrefetchView
  • Nirsoft Wireless Network View
  • Nirsoft WirelessKeyView x86 e x64
  • Notepad++ (con Hexedit e LightExplorer)
  • NTFSwalker
  • On-screen keyboard
  • OTFE Volume File Finder
  • PC On/Off Time
  • Photostudio
  • pre-search
  • ProDiscover Basic Free
  • Props
  • QCC FragView
  • QCC Gigaview
  • QCC VideoTriage
  • RefWolf Prefetch-Parser
  • Registry Decoder Live 32/64
  • Registry Report
  • RegRipper Plugin
  • RHash
  • RootRepeal
  • Sanderson Forensic Copy
  • Sanderson Forensic Image Viewer
  • Sanderson List Codecs
  • Sanderson OLEDeconstruct
  • Screeny
  • SDHash
  • Search my files
  • SecurityXploded PasswordSuite
  • SecurityXploded SpyDLLRemover
  • ShadowExplorer
  • SoftPerfect Network Scanner (x86/x64)
  • Spartacus
  • SPLViewer
  • SQLite Database Browser
  • SSDeep
  • StreamFinder
  • SumatraPDF
  • Svchost Process Analyzer
  • System Scaner
  • TCHunt
  • Teracopy Portable
  • testdisk/photorec Win/Lin/Mac x86/x64
  • The Sleuth Kit (win32)
  • Thumo
  • TightVNC
  • TrID (defs 31.10.2011)
  • TrIDnet (defs 31.10.2011)
  • Tuluka
  • Ultra File Search
  • Undelete 360
  • Universal Extractor
  • Universal Viewer Free
  • USB WriteProtector
  • Vidpreview
  • VLC Portable
  • WinAudit e WinAudit Unicode
  • Windows Forensic Toolchest
  • WipeDisk
  • XnView
  • ZeroView

Enjoy DEFT 7!

Stefano Fratepietro

Read More
content top