Helix3

From Forensics Wiki

Helix3
Maintainer:	e-fense
OS:	Linux,Windows,Solaris
Genre:	Live CD
License:	GPL, others
Website:	e-fense.com

Helix3 is a Live CD built on top of Ubuntu. It focuses on incident response and computer forensics.

According to Helix3 Support Forum, e-fense is no longer planning on updating the free version of Helix.

Contents 1 Tools Included 1.1 Bootable Side 1.2 Windows Side 2 Forensic Issues 3 See Also 4 External Links

Tools Included

Helix focuses on Incident Response and forensics tools. It is meant to be used by individuals who have a sound understanding of Incident Response and forensic techniques.

Bootable Side

• The Sleuth Kit (3.0.0)
• dc3dd
• dcfldd
• LinEn
• aimage

and others.

Windows Side

• FTK Imager
• mdd
• win32dd
• winen
• WFT
• IRCR

and others.

Windows side can be used to scan for pictures on a live system.

Forensic Issues

• Helix3 will automount Ext3 / Ext4 file systems during the boot process and recover them if required (bug in initrd scripts);
• Helix3 can automount some storage devices like firewire devices and MMC in read/write mode;
• Helix3 relies on file system drivers to provide write protection, mounting some file system types (e.g. XFS) will result in several data writes to the original media.

See Also

• Helix3 Pro

External Links

• Helix3 CE Forum