Digital Evidence and Forensic Toolkit (DEFT)

While performing computer forensics, it is important that the software being used is able to ensure the integrity of file structures. It should also be able to analyze the system being investigated, without any alteration, deletion, or change of data.

DEFT is designed for forensics and is based on Lubuntu, which is itself based on Ubuntu.

DEFT can be downloaded from this link: http://www.deftlinux.net/download/.

Once downloaded, we can burn the image file to CD/DVD media or create live bootable USB media.

To use DEFT, we need an overview of what is included in the OS, and we will do that next.

Once we boot the DEFT CD/DVD or USB media, we get the boot screen. First, we need to select the language. Once done, we can choose either to run DEFT live or to install DEFT on our system.

In our example, we have chosen to boot DEFT live. We should be presented with the DEFT desktop after the boot process completes.

Now let's understand what different tools are available in DEFT.

In the start menu, the first submenu under DEFT contains a list of various analysis tools.

The next submenu shows all the antimalware tools. Then we have the submenu of tools related to data recovery.

The next submenu contains a list of different hashing tools that can be used to check and compare hashes of any file.

In the next submenu, we get tools for imaging. These can be used during forensics investigations for creating an image of a system disk that needs to be investigated. With the release of DEFT 7, tools for the analysis of mobile devices have also been added. These can be found under the Mobile Forensics submenu.
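
Hashing and imaging work together: the hash is what shows that the image under analysis is identical to the original. The following sketch is an added example, not part of the original text; it assumes the standard dd and sha256sum utilities (the page does not name specific tools), and the function names acquire and verify are hypothetical.

```shell
#!/bin/sh
# Added example: image a source and prove the copy matches it.

# acquire SRC IMG: copy SRC to IMG, record the digest in IMG.sha256,
# and return non-zero unless source and image hashes are identical.
acquire() {
    src=$1; img=$2
    if [ ! -r "$src" ]; then echo "cannot read $src" >&2; return 2; fi
    if [ -e "$img" ]; then echo "refusing to overwrite $img" >&2; return 2; fi

    # Hash the source first; it is only ever opened for reading.
    src_hash=$(sha256sum < "$src" | cut -d' ' -f1)

    # Block-for-block copy. conv=sync is deliberately not used: it pads a
    # short final block with zeros, which would change the image hash.
    dd if="$src" of="$img" bs=65536 2>/dev/null || return 2

    img_hash=$(sha256sum < "$img" | cut -d' ' -f1)
    chmod a-w "$img"    # analysis should never write to the image

    # Store the digest beside the image in sha256sum's own check format.
    printf '%s  %s\n' "$img_hash" "$img" > "$img.sha256"

    [ "$src_hash" = "$img_hash" ]
}

# verify IMG: re-check the image against the digest recorded at acquisition,
# for example before and after each analysis session.
verify() {
    sha256sum -c "$1.sha256" >/dev/null 2>&1
}

# Demo on a constructed file standing in for the evidence device.
demo_dir=$(mktemp -d)
printf 'constructed sample evidence\n' > "$demo_dir/source.bin"
acquire "$demo_dir/source.bin" "$demo_dir/image.dd" \
    && verify "$demo_dir/image.dd" \
    && echo "image verified: $(cut -d' ' -f1 "$demo_dir/image.dd.sha256")"
rm -rf "$demo_dir"
```

In a real acquisition the source would be a block device attached through a write blocker or mounted read-only, and the recorded digest would go into the case notes.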

The next submenu contains the network forensics tools. The next menu, OSINT, contains the open source intelligence tools.

DEFT also contains tools for password recovery which can be found in the next submenu.

Apart from these categories of tools, DEFT contains a few reporting tools, which can be useful while creating reports. DEFT uses WINE for executing Windows tools under Linux and the options for WINE can be found under the main menu.

We either install DEFT or use the live CD option to boot it on our system. Once booted, we go to the start menu and then we move to the DEFT menu. Here we find various tools under different categories. We can use tools for analysis, data recovery, mobile forensics, network forensics, and so on.

WINE is used in DEFT to execute Windows applications.
