
Another delay….!

Unfortunately they are forced to postpone the release of DEFT by a further 10 days. The core is ready, but the graphics are not yet.

Really sorry for this!



DART 2 beta ready for download

While we are working hard on the DEFT 8 beta and the new layout of the DEFT site, we hope that the release of the standalone DART 2 beta can make you a little happier.
We think that DART 2 is one of the most advanced toolkits for Live Forensics and Incident Response analysis (actually, we think it is the most advanced one, but it doesn't matter :-) ). With its huge number of freely distributable tools (as stated in their licenses), DART 2 is the ideal suite for letting the operator run a lot of applications in almost total safety.
These are some of the main new features of DART 2:

- Even more powerful internal engine
- More than 200 standalone tools
- Tool search engine by keyword or file name
- Better category management system
- Automatic copy and paste of the XML configuration's hash

Please let us know about any bugs or malfunctions you may find by posting them on our forum or by e-mail:

Download DART 2 beta, NOW!




Many of you are asking why DEFT 8 has not been released yet. It's true, you're right, and we apologize for that. Several unforeseen problems with the development and implementation of new features are slowing down this release.
We changed the roadmap and we plan to release DEFT 8 beta no later than May 31. A stable version will follow no later than mid-June. DART 2 is ready!

Thank you again for your patience and cooperation.



DEFT 8 Roadmap and features

Hello World,

A little later than usual, we want to introduce you to some features of DEFT 8:

- Linux kernel 3.5.5
- First 64-bit Digital Forensics distro, with a huge performance increase compared to 32-bit systems
- DART 2.0 with more than 1GB of Live Forensics, Incident Response and malware analysis software
- Sleuth Kit 4.0.2
- Libewf 20130128
- AFFLIB 3.3.6
- Guymager 0.6.13
- Bulk Extractor 1.3.1
- Log2timeline 0.65
- Xplico 1.0.1
- DFF 1.3
- PTK Forensics 3.0
- Maltego Radium CE
- IPBA2 plus WhatsApp, Viber and Skype chat analysis plugins

DEFT 8 will be available as a live DVD (it can also be installed on a workstation), as a “mini live” for cloning mass storage units, and as a VMware virtual appliance.
DEFT 8 will be presented at the second Deftcon Conference, held in Bologna (Italy) on 19 April 2013.


DEFT 7.2 and DEFT english manual, ready for download!


Today we are happy to announce the latest DEFT release: 7.2. This is the last 32-bit release, but we will provide bug fixes until 2020.
Please note that the next release will be a 64-bit system.

What’s new in this release?

- Virtual appliance based on VMware 5 with USB3 support
- Kernel 3.0.0-26
- Autopsy 3 beta 5 (using Wine; please note that you need a minimum of 1GB of RAM)
- Log2timeline 0.65
- Guymager 0.6.12-1
- VMFS support
- Some mirror fixes

Finally, we would like to thank Nicodemo, Giada and Neil for taking care of the English translation of the manual.

Download DEFT 7.2 iso
Download DEFT 7.2 Virtual Appliance
Download DEFT English manual

Thank you for choosing DEFT and enjoy the project!

Stefano Fratepietro
President of DEFT Association and DEFT Project Leader


Road to DEFT 7.2 and more

In these hot weeks of August we are implementing changes and enhancements for DEFT 7.2, but there’s more. DEFT 7 will be the last release for 32-bit systems. From release 8, DEFT will be released only for 64-bit systems, for obvious performance reasons. DEFT 7 will still be kept up to date, only for tasks that have to be performed on obsolete 32-bit systems.

The release of the 7.2 is planned for September 2012.

Here is an update on some hot topics that are still pending:

  • The English manual is still being translated; about 60-70% of the work is complete.
  • The new DEFT website is under construction, and we hope to release it by the end of 2012. It will be available in both English and Italian.
  • Starting in 2012, the DEFT project will become a non-profit organization based in Bologna, Italy. Setting up a non-profit organization will allow us to manage funds, donations and revenues and invest them fully in the DEFT project, which will always remain open source and free.

Stay tuned!

DEFT Pen ready for download

Valerio Leomporra created two dd images of a DEFT USB Pen, one for 2GB devices and one for 4GB devices.

If you tried to build your own DEFT v7.x USB pendrive from the ISO using automated Windows tools (e.g. UNetbootin, PenDriveLinux tools or similar), you have most probably found that it won’t boot correctly.
While this approach works easily with many other Linux distros, it simply doesn’t work with the latest DEFT live.

This is mainly due to the huge compressed filesystem (squashfs), which is loop-mounted directly from the media at boot time: loopback files should be contiguous and unfragmented.
In addition, the large number of DART files and directories could fragment or damage the FAT16/FAT32 USB partition if not carefully managed.

That’s why we created and have just published an “official” series of pendrive dd images, ready to download and flash to your favorite USB device.

Minimal requirements:
- a working Linux system (DeftLinux Live on ISO is excellent :D)
- a USB pendrive device, 4GB recommended / 2GB minimum (deprecated; only a few DART tools included)

1) Download the .dd.gz file you need from the mirrors to a working Linux machine:
75c0cecce7a549db945704672ef5c935 *DeftPen_v710-usb_4gb.dd.gz
ba4af8c7972a2a91dd418af6aa7f84ab *DeftPen_v710-usb_2gb.dd.gz (deprecated)

2) Verify the hashes, decompress, and verify again (with large files, twice is better):
md5sum *.dd.gz; gzip -d *.dd.gz; md5sum *.dd

3) Plug in your USB device and ensure it is NOT mounted on your system.

4) Write down its device name, e.g. /dev/sdx (please notice there isn’t any trailing number).

5) Flash your device (replace ? with 2 or 4 to match your image):
dd if=DeftPen_v710-usb_?gb.dd of=/dev/sdx ; sync

6) Reboot the system to test your new pendrive :)

Lastly, if you are confident with the forensic tools, you can also do everything in a single line:
gzip -dc DeftPen_v710-usb_?gb.dd.gz | dcfldd hash=md5 of=/dev/sdx ; sync
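
Steps 2 to 5 above as a guarded script, added here as an example and not part of the original post or the DEFT project's tooling: it refuses to write unless the MD5 matches the value published in step 1, the target is a whole-disk name, and nothing on it is mounted. The function names and the /dev/sd[a-z] naming pattern are assumptions of this example.

```sh
#!/bin/sh
# Added example, not DEFT's own script. Function names are hypothetical.

# Published MD5 of DeftPen_v710-usb_4gb.dd.gz, copied from step 1 of the post.
DEFTPEN_4GB_MD5=75c0cecce7a549db945704672ef5c935

# verify_md5 FILE EXPECTED: succeeds only if FILE's MD5 equals EXPECTED (step 2).
verify_md5() {
    actual=$(md5sum "$1" | cut -d' ' -f1) || return 1
    [ "$actual" = "$2" ]
}

# is_whole_disk DEV: succeeds for names like /dev/sdx with no trailing
# partition number (step 4). The sd[a-z] pattern is an assumption.
is_whole_disk() {
    case "$1" in
        /dev/sd[a-z]) return 0 ;;
        *) return 1 ;;
    esac
}

# is_mounted DEV [MOUNTS_FILE]: succeeds if DEV or one of its partitions
# appears as a mount source (step 3). Defaults to /proc/mounts.
is_mounted() {
    awk -v dev="$1" 'index($1, dev) == 1 { found = 1 }
                     END { exit !found }' "${2:-/proc/mounts}"
}

# flash_image IMAGE_GZ EXPECTED_MD5 DEV: run every check, then write (step 5).
flash_image() {
    verify_md5 "$1" "$2" || { echo "MD5 mismatch: $1" >&2; return 1; }
    is_whole_disk "$3"   || { echo "not a whole-disk name: $3" >&2; return 1; }
    if is_mounted "$3"; then
        echo "$3 is mounted; unmount it first" >&2
        return 1
    fi
    gzip -dc "$1" | dd of="$3" bs=4M && sync
}

# Flash only when called with all three arguments, e.g.:
#   sh flash.sh DeftPen_v710-usb_4gb.dd.gz "$DEFTPEN_4GB_MD5" /dev/sdx
if [ "$#" -eq 3 ]; then flash_image "$@"; fi
```

MD5 here catches a corrupted download; it does not authenticate the image against deliberate tampering.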
