DEFT 7 "REAL" and powerful Cyber Forensic Tool overview!
My name is Casey and I have been learning computers for over 13 years. My favorite thing to do is to break into encryption or password-protected cyber stuff. I find it funny how insecure and naive we really are in this digital age.
By no means am I saying that I am some great hacker; I just love learning, especially when it helps catch criminals. There is so much out on the net to help you do whatever it is you are looking to do. Sometimes you have to spend money to buy tools to get the job done. Sometimes the tool is right in front of your face, if you only opened your eyes. In this case you open Google and do a little searching.
There are many open source tools out there, free for use by anyone willing to take the time to find them and research how to use them. What is “Open Source”? Well, the wiki answer is the following:
“In production and development, open source is a philosophy, or pragmatic methodology that promotes free redistribution and access to an end product's design and implementation details. Before the phrase open source became widely adopted, developers and producers used a variety of phrases to describe the concept; open source gained hold with the rise of the Internet, and the attendant need for massive retooling of the computing source code. Opening the source code enabled a self-enhancing diversity of production models, communication paths, and interactive communities. The open-source software movement was born to describe the environment that the new copyright, licensing, domain, and consumer issues created”
I have the luxury of using some high-end paid tools such as FTK by AccessData and EnCase by Guidance Software, as well as hardware write blockers. I have found bugs in new releases by testing them. You would think that for the money one pays for these tools, they would be bug free. Well, let me tell you now, they are not. What you do get is telephone support, whereas with open source tools you have to research, go to forums and ask questions. Then, after posting your question, you have to wait for an answer. This does not matter as long as you research and learn about the tool before using it. Take the time to educate yourself; this is your career field!
I will be doing a series on a few open source computer forensic tools, here at “LoveMyTool”. The first one that we will be talking about is DEFT 7.1.
Now, first and foremost, DEFT is designed to be a forensically sound boot disk or a complete OS install. How do I know? I tested it, as you should before using it too. The OS is Lubuntu based and has a lot of great open source tools in it. Lubuntu can be found here: http://lubuntu.net/.
Download DEFT 7 here - http://www.deftlinux.net/2012/04/02/deft-7-1-ready-for-download/
The current manual is in Italian but usage is straight forward!
The desktop is clean and to the point:
The “Start Menu” covers all the tools you need to perform the task at hand. Now, I will admit that some or most may be command line. I have been spoiled with some of the high-end tools such as FTK and EnCase. Sometimes all I need is an image recovery or to make a forensically sound copy of a device. Maybe you forgot your EnCase or FTK CodeMeter/dongle, then what? Do you give up? No, keep a few copies of a tool such as DEFT 7.1 in your car. This way, no matter what the case is, you will have something to get the job started.
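Testing that a boot disk is forensically sound, and that the copy you made really is one, comes down to hashing. The script below is an added example (not DEFT's own code) of that check around an acquisition: it hashes the source before and after imaging, hashes the image, requires all three to match, records them, and re-verifies the image later. It runs offline against a constructed sample file standing in for a device; the file name evidence.raw and the .sha256 sidecar are this example's own conventions.

```shell
#!/bin/sh
# Added example (not DEFT's own code): the soundness check an examiner runs
# around an acquisition, demonstrated on a constructed file, not a real disk.

# SHA-256 of a file or block device as a bare hex string.
hash_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# acquire_and_verify SOURCE IMAGE
# Copies SOURCE bit-for-bit into IMAGE; returns 0 only if the source hash is
# unchanged by the acquisition (nothing wrote to it) and the image hash equals
# it. Hashes go to IMAGE.sha256 for the case notes. Plain dd suits healthy
# media; failing media needs an imager that logs unreadable sectors.
acquire_and_verify() {
    src="$1"; img="$2"
    before=$(hash_of "$src") || return 1
    dd if="$src" of="$img" bs=4096 2>/dev/null || return 1
    after=$(hash_of "$src") || return 1
    image=$(hash_of "$img") || return 1
    printf '%s  source_before\n%s  source_after\n%s  image\n' \
        "$before" "$after" "$image" > "$img.sha256"
    [ "$before" = "$after" ] && [ "$after" = "$image" ]
}

# reverify_image IMAGE
# Later integrity check: the image must still hash to the recorded value.
reverify_image() {
    expected=$(awk '$2 == "image" {print $1}' "$1.sha256")
    [ -n "$expected" ] && [ "$(hash_of "$1")" = "$expected" ]
}

# Demonstration on a constructed sample "device" (a plain file) so it runs
# offline; from the boot disk the source would be a device node like /dev/sdX.
# Returns 0 when the fresh image verifies and an altered copy is rejected.
demo_sound_copy() {
    w=$(mktemp -d) || return 1
    printf 'constructed sample disk contents\n' > "$w/evidence.raw"
    acquire_and_verify "$w/evidence.raw" "$w/evidence.dd" || { rm -rf "$w"; return 1; }
    reverify_image "$w/evidence.dd" || { rm -rf "$w"; return 1; }
    printf 'x' >> "$w/evidence.dd"            # simulate a post-acquisition change
    if reverify_image "$w/evidence.dd"; then rm -rf "$w"; return 1; fi
    rm -rf "$w"
    return 0
}
```

A source hash that differs before and after is the test of the boot disk itself: it means something on the live system wrote to the device during acquisition.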
Here are the views of the tools available through the DEFT 7 forensics menu.
Let’s look at the rest of the “Start Menu” -
As you can see, the DEFT tab of the “Start Menu” alone has many of the tools you may need to get to work on imaging, processing, and/or analyzing a case.
We will be presenting a series of videos using DEFT 7.1 here on “LoveMyTool”, so please check back here for upcoming training videos.
Thank you for your time and we hope that this introduction to DEFT 7.1 has opened your eyes to some great open source tools available to all cyber investigators.
DEFT 7 is based on the new Linux 3 kernel and on DART (Digital Advanced Response Toolkit), a collection of the best freeware Windows computer forensic tools. It is a new concept of computer forensic system: it uses LXDE as the desktop environment, WINE to run the Windows tools under Linux, and a mount manager for device management.
It is a very professional and stable system with excellent hardware detection and the best free and open source applications dedicated to Incident Response, Cyber Intelligence and Computer Forensics.
DEFT is meant to be used by:
- IT Auditors
DEFT is 100% made in Italy
Author - Investigator Emory Mullis has been in law enforcement for roughly 14 years, including military and civilian law enforcement. He started learning about computers back when the Gateway 266 MHz was top of the line and cost about $2000.00. Right out of the box, I was compelled to take my newfound 266 apart. Why, I have no idea, other than pure curiosity. Once I had the computer out of the box and on the floor in pieces, my wife walked in. Trust me, people, this was not a good thing! Either way, at this point I got a good understanding of how a computer is put together and/or the components inside. This was my starting point with computers, and I still hear my wife in the background: “It better work when you put it back together!” That was my humble beginning as a Cyber Investigator. Now, with many cyber cases under my belt, I have learned that you must question, challenge and test almost daily to keep up with all the new tools, software, computers and cell phone formats in order to forensically acquire evidence, and it is a real everyday challenge. I enjoy this challenge and look forward to learning more every day! Casey considers himself a Google Master, as he says he can find out about almost anything if you look hard enough with Google!