DEFT X VA

DEFT X VA is based on Ubuntu MATE 18.04 with kernel 4.15.0-36-generic.

  • Artifacts Extraction
    • Email
      • Extractmsg, ver 0.2
      • Msgconvert, ver 0.904
      • Readpst, ver 0.6.71
    • Lnk
      • Lifer, ver 4.0.22
    • Registry
      • pl, ver 2013.08.06
      • Reglookup, ver 1.0.1
    • Trash
      • Rifiuti2, ver 0.6.1
    • Windows logs
      • Evtxtract, ver 0.2.2
    • Regripper, ver 2008.04.19

  • Data Recovery
    • Bulk_extractor, ver 1.5.5
    • Catfish, ver 1.4.4
    • Evtxtract, ver 0.2.2
    • Foremost, ver 1.5.7
    • Myrescue, ver
    • Photorec, ver 7.0
    • Photorec_sorter.py
    • Scalpel, ver 1.60
    • Testdisk, ver 7.0

  • Hashing
    • Ssdeep, ver 2.14
    • Md5deep, ver 4.4
    • Md5sum, ver 4.4
    • Sha1deep, ver 4.4
    • Sha1sum, ver 4.4
    • Sha256deep, ver 4.4
    • Sha256sum, ver 4.4
    • Sha512sum, ver 4.4

  • Imaging
    • Affcat, ver 3.7.16
    • Affcompare, ver 3.7.16
    • Affconvert, ver 3.7.16
    • Affcopy, ver 3.7.16
    • Affcrypto, ver 3.7.16
    • Affdiskprint, ver 3.7.16
    • Affinfo, ver 3.7.16
    • Affix, ver 3.7.16
    • Affrecover, ver 3.7.16
    • Affsegment, ver 3.7.16
    • Affsign, ver 3.7.16
    • Affstats, ver 3.7.16
    • Affuse, ver 3.7.16
    • Affverity, ver 3.7.16
    • Affxml, ver 3.7.16
    • Cyclone, ver 0.0.3
    • Dd_rescue, ver 1.99.8
    • Esximager, ver 2.9
    • Ewfacquire, ver 2014.06.08
    • Guymager, ver 0.8.8

  • Live Forensics
    • Memory
      • Evolve, ver 2.7.15rc1
      • Evtxtract, ver 0.2.2
      • Rekall, ver 1.7.2.rc1
      • Volatility, ver 2.6
      • Volutility, ver 1.2

  • Malware Analysis
    • Analyzepdf
    • Analyzepe
    • Balbuzard, ver 0.19
    • Bamfdefect, ver 1.6.12
    • Damm, ver 1.6.12
    • Mastiff, ver 0.8.0.ds0
    • JD-GUI, ver 1.4.0
    • Bro, ver 2.5.3
    • Chkrootkit, ver 0.52
    • Gdb, ver 8.1.0.20180409
    • Hashdeep, ver 4.4
    • Yara, ver 3.7.1
    • NoMoreXOR.py, ver 4
    • Bbcrack, ver 0.19
    • Bbharvest, ver 0.19
    • Bbtrans, ver 0.19
    • Brxor
    • Clamscan, ver 0.100.2
    • Ltrace, ver 0.7.3
    • Objdump, ver 2.30
    • Radare2, ver 2.9.0
    • Rhino
    • Rkhunter, ver 1.4.6
    • Strace, ver 4.24
    • Strings, ver 2.30
    • Totalhash
    • Trid, ver 2.24
    • Udcli, ver 1.7.2
    • Unhide.rb, ver 20130526
    • Unxor.py
    • Voldiff, ver 2.1.5
    • Xorsearch, ver 1.11.1
    • Xorstring, ver 0.0.1
    • Xortool, ver 0.96
    • Xxxswf, ver 2.0.0
    • Extractswf.py
    • Floss, ver 1.5.0-22
    • Muninn, ver 2.0.42
    • Pedis, ver 0.80
    • Pepack, ver 0.80
    • Pescan, ver 0.80
    • Pesec, ver 0.80
    • Readpe, ver 0.80
    • Rva2ofs, ver 0.80
    • Ofs2rva, ver 0.80
    • Cuckoo, ver 2.0.6
    • Edb, ver 1.0.0
    • Multiscanner, ver 1.2.0

  • Mobile Forensics
    • Android
      • Adb, ver 1.0.36, revision 1:7.0.0+r33-2
      • Apktool, ver 2.3.4
      • Bitpim, ver 1.0.7
      • Fastboot, ver 28.0.1-4986621
    • Blackberry
      • Ipddump, ver 0.3-RC3
    • iOS
      • Idevicebackup2, ver 1.2.0
      • Iphonebackupanalyzer2, ver 2.0-build-20130219
    • DB Browser for SQLite, ver 3.10.1

  • Mount
    • BitLocker
      • Bdemount, ver 20170902
      • Dislocker, ver 0.7.1
    • Virtual
      • Vmdkmnt, ver 1.17
    • Ewfmount, ver 20140608
    • Mount, ver 2.31.1
    • Xmount, ver 0.7.3

  • Network Forensics
    • Logs
      • Ccze, ver 2.0.1
      • Lnav, ver 0.8.2
      • Multitail, ver 6.4.2
    • Pcap
      • CapAnalysis, ver 1.2.2
      • Driftnet, ver 1.1.5
      • Dshell, ver
      • Ettercap, ver 0.8.2
      • Nmap, ver 7.60
      • Tcpdump, ver 4.9.2
      • Tcpflow, ver 1.4.5
      • Tcpick, ver 0.2.1
      • Tcpxtract, ver 1.0.1
      • Tshark, ver 2.4.5
      • Wireshark, ver 2.4.5
      • Xplico, ver 1.2.1
    • Wireless
      • Kismet, ver 2016-07-R1
      • Aircrack-ng, ver 1.4
    • Findserver, ver 2.4.1
    • Whois, ver 5.3.0

  • Osint
    • Anonymous website
    • Maltego community, ver 4.1.13
    • Maltego community memory
    • Tinfoleak, ver 2.4
    • Tor Browser
    • Tor Browser Launcher settings

  • Password Recovery
    • Cmospwd, ver 5.0
    • Cupp, ver 3.1.0-alpha
    • Fcrackzip, ver 1.0
    • Hashcat, ver 4.0.1
    • John the ripper, ver 1.8.0
    • Pdfcrack, ver 0.16
    • Samdump2, ver 3.0.0
    • XHydra, ver 8.6

  • Picture Forensics
    • Exifprobe, ver 2.1.0
    • Mat, ver 0.6.1
    • Outguess, ver 0.2
    • Stagedetect, ver 0.6
    • Vinetto, ver 0.07

  • Reporting
    • Take Screenshot (Cattura schermata), ver 1.20.0
    • Findwild, ver 2.4
    • Ghex, ver 3.18.3
    • Recoll, ver 1.23.7
    • KeepNote, ver 0.7.8
    • Hexedit, ver 1.4.2
    • Mhonarc, ver 2.6.19+
    • Recordmydesktop, ver 0.3.8.1
    • SciTE Text Editor, ver 4.0.0
    • VYM – View your Mind, ver 2.5.0
    • System Profiler and Benchmark/hardinfo, ver 0.6-alpha

  • Timeline
    • Blkcalc, ver 4.6.2
    • Blkcat, ver 4.6.2
    • Blkls, ver 4.6.2
    • Ffind, ver 4.6.2
    • Fls, ver 4.6.2
    • Fsstat, ver 4.6.2
    • Hfind, ver 4.6.2
    • Icat, ver 4.6.2
    • Ifind, ver 4.6.2
    • Ils, ver 4.6.2
    • Img_cat, ver 4.6.2
    • Img_stat, ver 4.6.2
    • Istat, ver 4.6.2
    • Jcat, ver 4.6.2
    • Jls, ver 4.6.2
    • Mactime, ver 4.6.2
    • Mmcat, ver 4.6.2
    • Mmls, ver 4.6.2
    • Mmstat, ver 4.6.2
    • Sigfind, ver 4.6.2
    • Sorter, ver 4.6.2
    • Srch_strings, ver 2.15
    • Tsk_comparedir, ver 4.6.2
    • Tsk_gettimes, ver 4.6.2
    • Tsk_loaddb, ver 4.6.2
    • Tsk_recover, ver 4.6.2
    • Log2timeline_legacy.pl, ver 20180818
    • Fcat, ver 4.6.2
    • Fiwalk, ver 4.6.2
    • Image_export.py
    • Jpeg_extract
    • Image_export
    • Log2timeline.py, ver 20180818
    • Pinfo.py
    • Psort.py

  • Virtual Forensics
    • Conversion
      • Raw2vmdk, ver 0.1.3.2

  • Autopsy, ver 4.8.0

  • Wipe, ver 0.23

  • Mount manager