To carry out investigations using DFF, we first require the Kali Linux 2016.1 ISO image. I've chosen to use the 64-bit version and also have it running as a virtual host within VirtualBox.

The Kali Linux 2016.1 ISO image can be downloaded from the https://www.kali.org/downloads/:

1. Once Kali 2016.1 is installed as a virtual host, we can use the uname -a command to view the version details:

2. To begin installing DFF, we first need to update the sources.list with the repository used in Kali Sana. Although we browsed directly to the sources.list file in the previous chapter, here are two additional ways in which we can also perform this task using the Terminal.

In a new Terminal, we can type the following:

echo "deb http://old.kali.org/kali sana main non-free contrib" >
 /etc/apt/sources.list

Alternatively, we can instead use the second method by typing the following:

 nano /etc/apt/sources.list

Followed by the details of the repositories:

deb http://http.kali.org/kali kali-rolling main contrib non-free
deb src http://http.kali.org/kali kali-rolling main contrib non-free
deb http://http.kali.org/kali sana main contrib 

3. Then, press Ctrl + X to exit, and press Y to save the changes to the sources.list file:

4. Next, we update Kali by typing apt-get update:

5. Now, we install the Advanced Forensics Format Library by typing:

apt-get install libafflib0

As shown in the preceding screenshot, press Y to continue. This is a somewhat lengthy process as it installs components for several forensic tools including Autopsy, Sleuthkit, Bulk_extractor, and DFF, as shown in the following screenshot:

6. Once the library has been successfully installed, we can install DFF by typing the following:

apt-get install dff

7. Press Y to continue when prompted to allow the installation of DFF 1.3.3 to continue:

8. To ensure that DFF has been successfully installed, we can type dff in the Terminal, which loads the available modules within DFF:

Once the Welcome on Digital Forensics Framework banner is displayed, this means that our DFF installation was successful. We can now begin our investigation by running the DFF GUI: