Demo Site

May 9, 2010

DEFT LINUX (Digital Evidence & Forensic Toolkit).



It is a Linux distribution based on Xubuntu 9.10 with a 2.6.31 kernel and the LXDE desktop, bundling a range of forensic applications (DEFT extra 2.0) and aimed at police, investigators, system administrators and forensic specialists.

The list of bundled packages is extensive and of good quality, in line with what the distribution promises. So that you can check for yourselves, I include an excerpt of the package list (Source: http://www.deftlinux.net/)


DEFT v5 computer and network forensic packages list:

sleuthkit 3.01, collection of UNIX-based command line tools that allow you to investigate a computer
autopsy 2.21, graphical interface to the command line digital investigation tools in The Sleuth Kit
dhash 2, multi hash tool
aff lib 3.5.2, advanced forensic format
gpart, tool which tries to guess the primary partition table of a PC-type hard disk
guymager 0.4.2-1, a fast and most user friendly forensic imager
dd rescue 1.13, copy data from one file or block device to another
dcfldd 1.3.4.1, copy data from one file or block device to another with more functions
linen 6.01, Linux version of the industry-standard DOS-based EnCase acquisition tool
foremost 1.5.6, console program to recover files based on their headers, footers, and internal data structures
photorec 6.11, easy carving tool
mount manager 0.2.6, advanced and user friendly mount manager
scalpel 1.60, carving tool
wipe
hex dump, combined hex and ascii dump of any file
outguess, a stegano tool
ophcrack 3.3.0, Windows password recovery
Xplico 0.6 DEFT edition, advanced network analyzer
Wireshark 1.2.2, network sniffer
ettercap 0.7.3, network sniffer
nessus 4, vulnerability and security scanner, client
nessusd 4, vulnerability and security scanner, server
nmap 5, the best network scanner
kismet 2008.05 R1, sniffer and intrusion detection system that works with any wireless card
dmraid, discover software RAID devices
testdisk, tool to recover damaged partitions
vinetto, tool to examine Thumbs.db files
trID 2.02 DEFT edition, tool to identify file types from their binary signatures
readpst 0.6.41, a tool to read MS Outlook PST files
snmpwalk
chkrootkit, Checks for signs of rootkits on the local system
rkhunter 1.3.4, rootkit, backdoor, sniffer and exploit scanner
john 1.7.2, john the ripper password cracker
clam, antivirus 4.15

DEFT extra 2.0:

System Information
Drive Manager
Reg Scanner
Win Audit
ReSysInfo
USB Deview
Bluetooth View
User Assist view
WRR
My Event View
MSI
Curr Proces
Live Acquisition
FTK imager
Winen
MDD
Forensics Tool
WFT
Zero View
WFA
File Alyser
Nigilant32
USB history
Shell command
PC on/off time
Password Recovery
Asterisk logger
PasswordFox
Chrome Pass
IE PassView
Wireless Key View
Mail pass view
Incredimail Message Extractor
Networking
Web Browser
IE Cookie View
IE History View
Mozilla Cookie View
Mozilla History View
Mozilla Cache view
Opera Cache View
Chrome Cache View
Index.dat Analyzer 2.0
Historian
FoxAnalysis
Utility tool
Skype Log View
Home Keylogger
HexEdit
SDHash
WipeDisk
USBWriteProtector
Testdisk
LTF View
AVI screen
Hower Snap
VNC Viewer
Sumatra PDF
Putty
Pre-Search
Photorec
Notepad++
WinMD5sum
Abiword
Undelete Plus
Hash calc
IP Net Info
SysInternal
Access Enum
autoruns
diskView
Regmon
WinOBj
Filemon
ProceXp
TCPView
Rootkit Revealer


DEFT v5 features list:

incorruptibility of the partitions
incorruptibility of the swap spaces

Linux kernel 2.6.31

LXDE
apt-get system
vino
rdesktop
samba client
OpenSSH client & server
ntfs3g
lvm support
brasero
record my desktop
wicd network manager
speedcrunch

Sources: http://www.deftlinux.net/, http://distrowatch.com/table.php?distribution=deft
Download: http://www.mirrordeft.net/listing/deft/deftv5x.iso
