Difference between revisions of "Helix3"

From ForensicsWiki
Jump to: navigation, search
m (Forensic Issues)
m
Line 42: Line 42:
  
 
* Helix3 will automount [[Ext3]] / [[Ext4]] file systems during the boot process and recover them if required (bug in ''initrd'' scripts);
 
* Helix3 will automount [[Ext3]] / [[Ext4]] file systems during the boot process and recover them if required (bug in ''initrd'' scripts);
* Helix3 can automount some storage devices like firewire devices and MMC;
+
* Helix3 can automount some storage devices like firewire devices and MMC in read/write mode;
 
* Helix3 relies on file system drivers to provide write protection, mounting some file system types (e.g. [[XFS]]) will result in several data writes to the original media.
 
* Helix3 relies on file system drivers to provide write protection, mounting some file system types (e.g. [[XFS]]) will result in several data writes to the original media.
  

Revision as of 10:14, 18 September 2009

Helix3
Maintainer: e-fense
OS: Linux,Windows,Solaris
Genre: Live CD
License: GPL, others
Website: e-fense.com

Helix3 is a Live CD built on top of Ubuntu. It focuses on incident response and computer forensics.

According to Helix3 Support Forum, e-fense is no longer planning on updating the free version of Helix.

Tools Included

Helix focuses on Incident Response and forensics tools. It is meant to be used by individuals who have a sound understanding of Incident Response and forensic techniques.

Bootable Side

and others.

Windows Side

and others.

Windows side can be used to scan for pictures on a live system.

Forensic Issues

  • Helix3 will automount Ext3 / Ext4 file systems during the boot process and recover them if required (bug in initrd scripts);
  • Helix3 can automount some storage devices like firewire devices and MMC in read/write mode;
  • Helix3 relies on file system drivers to provide write protection, mounting some file system types (e.g. XFS) will result in several data writes to the original media.

See Also

External Links