Forensic Investigation Tutorial Using DEFT

DEFT (acronym for Digital Evidence & Forensics Toolkit) is a distribution made for Computer Forensics, with the purpose of running live on systems without tampering or corrupting devices (hard disks, pen drives, etc…) connected to the PC where the boot process takes place.

The DEFT system is based on GNU Linux; it can run live (via DVDROM or USB pen drive), installed or run as a Virtual Appliance on VMware or Virtual box. DEFT employs LXDE as desktop environment and WINE for executing Windows tools under Linux. It features a comfortable mount manager for device management.

First Download ISO image of deft Linux from here

After having started the DEFT boot loader, you will see a screen with several boot options. Now click on Install DEFT Linux 8

Now click on continue

Now Select the third party software option and click on continue.

Now it will ask the option to install Kubuntu.

Select Guided-use entire disk and click on install now

Now select your time zone and click ok

Now fill your personal Details and select Continue. Click on Restart Now.

Analysis - Analysis Tools files of different types

Antimalware - Search for root kits, viruses, malware and malicious PDFs.

Data Recovery - File Recovery Software

Hashing - Scripts that allow the realization of calculating hashes of certain processes (SHA1, SHA256, MD5 ...)

Imaging - Applications that we can use to make cloned and imaging of hard drives or other sources.

Mobile Forensics - Analysis Blackberry, Android, iPhone, as well as information about typical databases SQLite mobile devices used by applications.

Network Forensics - Tools for processing information stored in network

OSINT - Applications that facilitate obtaining information associated with users and their activity.

Password recovery - Recovery BIOS passwords, compressed files, office, brute force, etc.

Reporting tools - Finally, within this section you will find tools that will facilitate the task of reporting and obtaining evidence that will serve to document forensics. Screen capture, collection of notes, desktop activity log, etc.