DEFT (Digital Evidence & Forensic Toolkit) is a Linux distribution made up of a GNU/Linux system and the DART (Digital Advanced Response Toolkit) suite. It is dedicated to digital forensics and other intelligence activities.
The very first version of DEFT Linux was introduced in 2005, and it is now one of the main solutions used by law enforcement agencies during computer forensic investigations.
In addition to a considerable number of Linux scripts and applications, DEFT also features the DART suite, which contains Windows applications (both closed source and open source) that remain in use because there is no known equivalent in the Unix world.
Certain characteristics inherent to DEFT minimize the risk of altering the data that is being subjected to analysis.
Some of these features are:
During boot, the system will not use swap partitions on the system that is being analysed.
On system startup, there are no automatic mount scripts.
None of the mass storage and network traffic acquisition tools alter the data being acquired.
There are no automated systems for any activity during the analysis of evidence.
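The first two features above (no swap use, no automatic mounting) can be checked on any Linux analysis host before acquisition starts. The following is an added example, not code from DEFT or DART: it reads the kernel's swap and mount tables and reports whether an evidence disk is in use. The function names and the sample device names are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example (not DEFT code): is an evidence disk free of swap and mounts?
# File arguments default to the live kernel tables; pass files to run offline.
# Prefix matching means /dev/sda also covers /dev/sda1, /dev/sda2, ...

# active_swap_on DEVICE [SWAPS_FILE]: print active swap areas on DEVICE.
active_swap_on() {
    # /proc/swaps has one header line, then: Filename Type Size Used Priority
    awk -v d="$1" 'NR > 1 && index($1, d) == 1 { print $1 }' "${2:-/proc/swaps}"
}

# mounts_on DEVICE [MOUNTS_FILE]: print "source mountpoint ro|rw" per mount.
mounts_on() {
    # /proc/mounts fields: source mountpoint fstype options dump pass
    awk -v d="$1" 'index($1, d) == 1 {
        n = split($4, opt, ","); mode = "rw"
        for (i = 1; i <= n; i++) if (opt[i] == "ro") mode = "ro"
        print $1, $2, mode
    }' "${2:-/proc/mounts}"
}

# evidence_status DEVICE [SWAPS_FILE] [MOUNTS_FILE]
# Prints SWAP_ACTIVE, MOUNTED_RW, MOUNTED_RO or CLEAN (worst finding first).
evidence_status() {
    found=$(mounts_on "$1" "${3:-/proc/mounts}")
    if [ -n "$(active_swap_on "$1" "${2:-/proc/swaps}")" ]; then
        echo SWAP_ACTIVE
    elif printf '%s\n' "$found" | grep -q ' rw$'; then
        echo MOUNTED_RW
    elif [ -n "$found" ]; then
        echo MOUNTED_RO
    else
        echo CLEAN
    fi
}

# write_samples DIR: constructed sample tables, not captured from a real host.
write_samples() {
    printf '%s\n' 'Filename Type Size Used Priority' \
        '/dev/sda2 partition 2097148 0 -2' > "$1/swaps"
    printf '%s\n' '/dev/sdb1 / ext4 rw,relatime 0 0' \
        '/dev/sdd1 /mnt/evidence ntfs ro,noexec 0 0' > "$1/mounts"
}
```

Source the file and call `evidence_status /dev/sdX` on the analysis host; anything other than CLEAN means the running system has touched, or can still touch, the disk.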