Helix3

From ForensicsWiki
Revision as of 16:40, 21 March 2006 by Uwe Hermann (Talk | contribs)

Jump to: navigation, search

Helix is a live cd built on top of Knoppix. It focuses on incident response and computer forensics.

Features

File Systems Understood

File Search Facilities

Historical Reconstruction

Can it build timelines and search by creation date?

Searching Abilities

Can it search? Does it build an index? Can it focus on file types or particular kinds of metadata?

Hash Databases

Can it create hashes of files and/or blocks? Can it compare these hash values to any databases? What sort of hash functions does it use?

Evidence Collection Features

Can it sign files? Does it keep an audit log?

History

Originally written in (YEAR), it has now developed into a Forensic Edition and an Enterprise Edition.

License Notes

""Helix is based off of the original Knoppix distribution and retains all of the original licenses from that distribution. All additions that I have made are covered under GPL or by the licenses of the prospective authors." -- Helix FAQ.

External Links

External Reviews