DEFT is one of the forensic analysis distributions that has advanced the most in recent years. Not only has it added a large number of forensic tools to its list, it has also adapted to its environment and emulated the features of similar distributions such as CAINE, from which it drew inspiration to produce DEFT Extra.
DEFT (Digital Evidence & Forensic Toolkit) is divided into two parts: its bootable environment and tools, which gather the best of free software for forensic analysis, and DEFT Extra, a set of free-of-charge tools for forensic analysis in Windows environments.
DEFT includes the following tools for forensic analysis:
- sleuthkit 3.2.0, collection of UNIX-based command line tools that allow you to investigate a computer
- autopsy 2.24, graphical interface to the command line digital investigation tools in The Sleuth Kit
- DFF 0.8
- dhash 2.0.1, multi hash tool
- aff lib 3.6.4, advanced forensic format
- disk utility 2.30.1, a partition manager tool
- guymager 0.5.7, a fast and most user friendly forensic imager
- dd rescue 1.14, copy data from one file or block device to another
- dcfldd 1.3.4.1, copy data from one file or block device to another with more functions
- dc3dd 7, patched version of GNU dd to include a number of features useful for computer forensics
- Xmount 0.4.4, convert on-the-fly between multiple input and output hard disk image types
- foremost 1.5.6, console program to recover files based on their headers, footers, and internal data structures
- photorec 6.11, easy carving tool
- mount manager 0.2.6, advanced and user friendly mount manager
- scalpel 1.60, carving tool
- wipe 0.21
- hex dump, combined hex and ascii dump of any file
- outguess 0.2, a stegano tool
- ophcrack 3.3.0, Windows password recovery
- Xplico 0.6.1 DEFT edition, advanced network analyzer
- Wireshark 1.2.11, network sniffer
- ettercap 0.7.3, network sniffer
- nmap 5.21, the best network scanner
- dmraid, discover software RAID devices
- testdisk 6.11, tool to recover damaged partitions
- ghex, light gtk hex editor
- vinetto 0.6, tool to examine Thumbs.db files
- trID 2.02 DEFT edition, tool to identify file types from their binary signatures
- readpst 0.6.41, a tool to read MS Outlook PST files
- chkrootkit, checks for signs of rootkits on the local system
- rkhunter 1.3.4, rootkit, backdoor, sniffer and exploit scanner
- john 1.7.2, john the ripper password cracker
- catfish, file search
- galletta 1.0
- pasco 1.0
- md5sum, sha1sum, sha224sum, sha256sum, sha512sum
- md5deep, sha1deep, sha256deep
- skype log view, skype chat conversation viewer
- Xnview, viewer for graphics, picture and photo files
- IE, Mozilla, Opera and Chrome cache viewer
- IE, Mozilla, Opera and Chrome history viewer
- Index.dat file analyzer
- pdfcrack, cracking tool
- fcrackzip, cracking tool
- clam, antivirus 4.15
- mc, UNIX file manager