The DEFT team is pleased to announce the release of the stable version of DEFT Linux 7, a toolkit able to perform computer, mobile and network forensics, incident response and cyber intelligence. DEFT 7 comprises of a GNU/Linux-based system optimized for computer forensics and cyber intelligence activities, installable or able to run in live mode, and DART (Digital Advanced Response Toolkit), a graphical user interface that handles the execution of incident response. Main features: based on Lubuntu 11.10; installable distro; Linux kernel 3.0, USB 3 ready; Libewf 20100226, Afflib 3.6.14, TSK 3.2.3, Autopsy 2.24, Digital Forensic Framework 1.2, PTK Forensic 1.0.5 DEFT edition....

Recent Related News and Releases

Distribution Release: DEFT Linux 2017.1 "Zero" After more than two years of apparent hiatus, the Ubuntu-based DEFT Linux distribution (featuring specialist tools for forensic analysis) has sprung to life with a new release. Dubbed as "DEFT Zero" and labelled as version 2017.1, the new build is much more compact and lightweight, but it brings some useful new features: " DEFT Zero 2017.1 ready for download. We can finally announce that a stable version of DEFT Zero is available. DEFT Zero is a light edition of DEFT specifically designed to perform forensic acquisition of digital evidence. Among the biggest features is the support to NVMExpress memory (MacBook 2015), eMMC memories and UEFI. DEFT Zero requires considerably lower space in RAM and on a CDROM or USB drive. It needs about 400 MB, which can even boot in the RAM pre-loaded mode on a obsolete and low-resource hardware. DEFT Zero is based on Lubuntu 14.04.02 LTS and its future releases will be developed in parallel with DEFT full edition. " Here is the brief release announcement, with more details provided in this user's guide (PDF). Download: deftZ-2017-1.iso (508MB, MD5, pkglist).

Distribution Release: DEFT Linux 8.2 Stefano Fratepietro has announced the release of DEFT Linux 8.2, an updated build of the project's Lubuntu-based distribution featuring a collection of open-source utilities for digital forensics and penetration testing: " Hello, it's hot here in Italy as well as in other countries, and a lot of people are on vacation, but only now – I'm sorry for that – I found the time to fix the known issues of DEFT 8.1. DEFT 8.2 is the latest release of DEFT 8. What has been fixed? Fixed a bug that under some conditions prevented the system to be installed; fixed the DNS bug in resolv.conf; fixed a bug in the apt-get sources.list; improved device recognition in live mode; updated all packages to the latest Ubuntu release available for 'Quantal'. The next release, DEFT 10, celebrating the first decade of the DEFT project, will be presented during the fourth edition of DEFTCON. Enjoy your holidays! Enjoy DEFT! " Here is the brief release announcement. Download: deft-8.2.iso (3,164MB, MD5, pkglist).

Distribution Release: DEFT Linux 8.1 Stefano Fratepietro has announced the release of DEFT Linux 8.1, a Lubuntu-based distribution and live DVD with a large collection of open-source utilities for digital forensics and penetration testing: " During the third national conference DEFTCON we presented DEFT 8.1. What's new? file manager - we implemented the disk mount status - if the disk is mounted in read-only mode the eject button is green, if it's read-write mode (a further confirmation will be required before going in this mode) the eject button is orange; full support for BitLocker encrypted disks; The Sleuth Kit 4.1.3, Digital Forensics Framework 1.3; full support for Android and iOS 7.1 logical acquisitions; JD GUI; Skype Extractor 0.1.8.8,; Maltego 3.4 Tungsten; a new version of the OSINT browser; Fixed a bug in sources.list; full update of the deft packages and DART 2 software and tools. " Here is the brief release announcement. Download: deft-8.1.iso (3,116MB, MD5).

Distribution Release: DEFT Linux 8 Stefano Fratepietro has announced the release of DEFT Linux 8, a Lubuntu-based distribution and live DVD featuring a collection of open-source tools for digital forensics and penetration testing: " Dear guys, we did our best to turn the DEFT 8 beta version into stable -- also by listening to your precious suggestions and feedback -- and here we are. You can download the DEFT 8 final stable ISO image (which now includes DART 2). The stable version has been checked against common bugs but we are human and pretty busy with our jobs so if we missed something, just drop a line to bug at deftlinux.net and we'll collect suggestions and bug fixes for the next release. A big thank to the DEFT team and to all the supporters. Stay tuned, because much more is yet to come, such as the release of the DEFT 8 virtual appliance (a pre-configured virtual machine you will be able to launch on your workstation by means of VMware Workstation or VMPlayer or Virtualbox); the DEFT 8 user manual; the updated website. " Here is the brief release announcement. Download: deft8.iso (2,764MB, MD5).

Development Release: DEFT Linux 8 Beta Stefano Fratepietro has announced the availability of the public beta release of DEFT Linux 8, a specialist Lubuntu-based distribution and live DVD with open-source tools for digital forensics and penetration testing: " Here is the new digital forensics system optimized for Intel-based 64-bit architectures - DEFT Linux 8. What's new? a 64-bit 3.5 Linux kernel that has brought down the 4 GB memory limit - now you can use DEFT Linux on systems that have up to 256 TB of RAM; Sleuthkit 4 and Autopsy 2, ready for Autopsy 3 on Linux (only for law enforcement); Digital Forensics Framework 1.3; Libewf and AFFlib full support; Xmount and Mount Ewf; Guymager 0.7.1, Cyclone 0.2 and Esximager; Recoll 1.19.5 - software for indexing; Bulk extractor 1.3.1 with Bulk extractor GUI 1.3; Dumy 0.2 - an intelligence parsing tool to extract sensible data from anonymous dump; Skype extractor.... " Here is the full release announcement with a long list of included tools and utilities. Download: deft8_beta.iso (1,607MB, MD5).

Distribution Release: DEFT Linux 7.2 Stefano Fratepietro has announced the release of DEFT Linux 7.2, an Ubuntu-based live distribution with a large collection of free and open-source tools for incident response, cyber intelligence and computer forensics tasks: " Today we are happy to announce the latest DEFT Linux release, version 7.2. This is the last 32-bit release but it will have bug-fix support until 2020. Please note that the next release will be for 64-bit systems only. What's new in this release? Virtual appliance based on VMware 5 with USB 3 support; Linux kernel 3.0; Autopsy 3 beta 5 (using WINE, please note that you will need a minimum of 1 GB of RAM); Log2tmeline 0.65; guymager 0.6.12; VMFS support; some minor fixes. Thank you for choosing DEFT Linux and enjoy the project! " Here is the brief release announcement. Finally, a quick link to download the live DVD image: deft7.2.iso (2,570MB, MD5).

Distribution Release: DEFT Linux 7.1 Stefano Fratepietro has announced the release of DEFT Linux 7.1, a bug-fix update to the project's Ubuntu-based distribution designed for forensic analysis, penetration testing and related tasks: " DEFT Linux 7.1 ready for download. The new features for DEFT Linux 7.1 are: Hb4most and xterm problems fixed; GParted bug fix; updated packages: bulk_extractor 1.2.0, guymager 0.6.5, iPhone Backup Analyzer 10/2012, Xplico 1.0; computer forensics side new tools - UsnJrnl-parser, lslnk; Cyber Intelligence side implementations; OSINT Chrome browser - we customized Chrome with several plugins and resources to perform 'open-source intelligence' and related activities; network information gathering - Host, nslookup, Dig, Nmap, Zenmap, Netcat, snmpcheck, Nbtscan, Cadaver, Traceroute, Hping3, Xprobe, Scapy, Netdiscover; wireless information gathering - Kismet; web application information gathering - Whatweb, Cmsident, Dirbuster, Burpsuite.... " Read the rest of the release announcement for a full list of new features. Download: deft7.1.iso (2,320MB, MD5).