DEFT (Digital Evidence & Forensics Toolkit) is a Linux distribution that’s developed to cater the needs of the professionals and non-experts to gather and preserve digital evidence. This free and open source operating system comes loaded with some of the best open source applications for computer forensics.

The developers of DEFT recently released DEFT Zero, dubbed version 2017.1, that’s supposed to be the lightweight version of this hacker Linux distro. This release is here after about 2 years of hiatus by DEFT team.

Features of DEFT Zero Linux 2017.1

DEFT Zero Linux 2017.1 needs lesser memory to run, 400MB to be precise. This means that you can boot this digital forensics operating system on an obsolete and low resource PC. It also supports 32-bit as well as 64-bit hardware, with Secure Boot and UEFI.

The other big features of DEFT Zero 2017.1 are the support for NVMExpress memories (MacBook 2015) and the eMMC memories.

Based on Lubuntu 14.04.02 LTS, the future releases of DEFT Zero will be developed in parallel with DEFT full version.

Three booting modes in DEFT Zero

DEFT Zero Linux 2017.1 comes in three boot modes — RAM preload GUI mode, GUI mode, and text mode. The RAM preload mode loads DEFT Zero in RAM with GUI to get you started. RAM preloading means that after the booting, you can remove the disk or the USB drive. For this, the hardware must be having at least 512MB RAM.

The second mode, the normal GUI mode, consumes lesser RAM than preload mode. If you’re using an old hardware and you prefer a GUI, this mode is perfect for you. However, if you love the command line, you can go for the text mode. It also uses lesser RAM as compared to the other two modes.

DEFT “Zero” Download

Just in case you’re interested in trying out DEFT Zero Linux 2017.1, you can visit this link and download the ISO file. To get started, refer to this quick guide.