Difference between revisions of "Helix3"

From ForensicsWiki
(Added license. Removed irrelevant link. Cosmetic fixes.)
 
(31 intermediate revisions by 10 users not shown)
Line 1: Line 1:
'''Helix''' is a [[live cd]] built on top of [[Knoppix]]. It focuses on [[incident response]] and [[computer forensics]].
+
{{Infobox_Software |
 +
  name = Helix3 |
 +
  maintainer = [[e-fense]]|
 +
  os = {{Linux}}, {{Windows}}, {{Solaris}} |
 +
  genre = {{Live CD}}, {{Incident response}} |
 +
  license = {{GPL}}, others |
 +
  website = [http://www.e-fense.com/helix3-download.php e-fense.com]  
 +
}}
  
=Features=
+
'''Helix3''' is a [[Live CD]] built on top of [[Ubuntu]]. It focuses on [[Incident Response|incident response]] and [[computer forensics]].
  
==File Systems Understood==
+
According to Helix3 Support Forum, e-fense is no longer planning on updating the free version of Helix.
  
==File Search Facilities==
+
== Tools Included ==
  
==Historical Reconstruction==
+
Helix focuses on Incident Response and forensics tools. It is meant to be used by individuals who have a sound understanding of Incident Response and forensic techniques.
  
Can it build timelines and search by creation date?
+
=== Bootable Side ===
  
==Searching Abilities==
+
* [[The Sleuth Kit]] (3.0.0)
 +
* [[dc3dd]]
 +
* [[dcfldd]]
 +
* [[LinEn]]
 +
* [[aimage]]
  
Can it search? Does it build an index? Can it focus on file types or particular kinds of metadata?
+
''and others.''
  
==Hash Databases==
+
=== Windows Side ===
  
Can it create hashes of files and/or blocks? Can it compare these hash values to any databases?
+
* [[FTK Imager]]
What sort of hash functions does it use?
+
* [[mdd]]
 +
* [[WinDD | win32dd]]
 +
* [[winen]]
 +
* [[WFT]]
 +
* [[IRCR]]
  
==Evidence Collection Features==
+
''and others.''
  
Can it sign files? Does it keep an audit log?
+
Windows side can be used to scan for pictures on a live system.
  
=History=
+
== Forensic Issues ==
  
Originally written in (YEAR), it has now developed into a Forensic Edition and an Enterprise Edition.
+
* Helix3 will automount [[Ext3]] / [[Ext4]] file systems during the boot process and recover them if required (bug in ''initrd'' scripts);
 +
* Helix3 can automount some storage devices like firewire devices and MMC in read/write mode;
 +
* Helix3 relies on file system drivers to provide write protection, mounting some file system types (e.g. [[XFS]]) will result in several data writes to the original media.
  
==License Notes==
+
== See Also ==
  
""''Helix is based off of the original Knoppix distribution and retains all of the original licenses from that distribution. All additions that I have made are covered under GPL or by the licenses of the prospective authors.''" -- [http://www.e-fense.com/helix/faq.php Helix FAQ].
+
* [[Helix3 Pro]]
  
= External Links =
+
== External Links ==
  
* [http://www.e-fense.com/helix/ Official website]
+
* [http://forum.charlestendell.com Helix3 CE Forum]
 
+
==External Reviews==
+
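Review bot: The added sentence "According to Helix3 Support Forum, e-fense is no longer planning on updating the free version of Helix." near the top of the new revision has no link or reference to the forum thread it relies on, and the three new "Forensic Issues" bullets likewise name no source or Helix3 release. Suggest adding a reference for each claim and stating which release the automount behaviour was observed on; in the tool lists only [[The Sleuth Kit]] carries a version (3.0.0), so a reader cannot tell which build the issues apply to.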

Latest revision as of 04:40, 18 January 2014

Helix3
Maintainer: e-fense
OS: Linux, Windows, Solaris
Genre: Live CD, Incident Response
License: GPL, others
Website: e-fense.com

Helix3 is a Live CD built on top of Ubuntu. It focuses on incident response and computer forensics.

According to the Helix3 Support Forum, e-fense no longer plans to update the free version of Helix.

Tools Included

Helix focuses on Incident Response and forensics tools. It is meant to be used by individuals who have a sound understanding of Incident Response and forensic techniques.

Bootable Side

  • The Sleuth Kit (3.0.0)
  • dc3dd
  • dcfldd
  • LinEn
  • aimage

and others.

Windows Side

  • FTK Imager
  • mdd
  • win32dd
  • winen
  • WFT
  • IRCR

and others.

The Windows side can be used to scan for pictures on a live system.

Forensic Issues

  • Helix3 will automount Ext3 / Ext4 file systems during the boot process and recover them if required (bug in initrd scripts);
  • Helix3 can automount some storage devices, such as FireWire devices and MMC, in read/write mode;
  • Helix3 relies on file system drivers to provide write protection; mounting some file system types (e.g. XFS) will result in several data writes to the original media.
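
A check for the conditions listed above, as an added example (not part of Helix3 or of the original page): the shell function reads a mount table in /proc/mounts format and flags block devices mounted read/write, plus Ext3/Ext4/XFS mounts that are read-only but lack the noload/norecovery mount option, where the driver may still replay the journal. The function names, the finding labels and the sample table are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a mount table for states that can alter evidence media.

# audit_mounts: read /proc/mounts-format text on stdin, print one finding per line.
#   RW <dev> <fstype>       block device mounted read/write
#   JOURNAL <dev> <fstype>  journaling fs mounted read-only without
#                           noload/norecovery, so the driver may replay the journal
audit_mounts() {
    awk '
    $1 ~ /^\/dev\// {
        n = split($4, opt, ",")
        rw = 0; norec = 0
        for (i = 1; i <= n; i++) {
            if (opt[i] == "rw") rw = 1
            if (opt[i] == "noload" || opt[i] == "norecovery") norec = 1
        }
        if (rw)
            print "RW", $1, $3
        else if ($3 ~ /^(ext3|ext4|xfs)$/ && !norec)
            print "JOURNAL", $1, $3
    }'
}

# sample_mounts: constructed mount table (not captured from a real Helix3 boot).
sample_mounts() {
    cat <<'EOF'
/dev/sr0 /cdrom iso9660 ro,relatime 0 0
tmpfs /tmp tmpfs rw,relatime 0 0
/dev/sda1 /media/sda1 ext3 ro,relatime 0 0
/dev/sda2 /media/sda2 ext4 ro,relatime,norecovery 0 0
/dev/sdb1 /media/sdb1 vfat rw,relatime 0 0
/dev/sdc1 /media/sdc1 xfs ro,relatime 0 0
EOF
}

# Demo on the sample; on a live system run: audit_mounts < /proc/mounts
sample_mounts | audit_mounts
```

Any RW or JOURNAL line for a device under examination means the mount state alone cannot be trusted to leave the original media unchanged.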

See Also

  • Helix3 Pro

External Links

  • Helix3 CE Forum: http://forum.charlestendell.com