Difference between revisions of "Helix3 Pro"

From Forensics Wiki
Jump to: navigation, search
m (moved linen)
m
Line 26: Line 26:
 
Other tools include:
 
Other tools include:
 
* [[LinEn]]
 
* [[LinEn]]
 +
 +
== Helix3 Pro Forensic Issues ==
 +
 +
Helix3 Pro has several major forensic issues that forensic examiners should be aware of:
 +
 +
* Media in some card readers and firewire devices can be automounted in r/w mode;
 +
* Live side may collect wrong uptime values from some [[Windows]] systems;
 +
* Live side has preliminary support for "foreign languages". For example, cyrillic characters are not supported in PDF reports; cyrillic characters in TXT reports are stored in both cp-1251 and [[Unicode]] encodings.
  
 
== See Also ==
 
== See Also ==

Revision as of 04:39, 12 July 2009

Helix3 Pro
Maintainer: e-fense
OS: Linux,Windows,Mac OS X
Genre: Live CD
License: GPL, others
Website: e-fense.com

Helix3 Pro is a Live CD built on top of Ubuntu. It focuses on incident response and computer forensics.

Tools Included

  • Live side for Mac OS X, Windows and Linux
  • A bootable forensically sound environment (based on Ubuntu)

Open source forensic tools include:

Other tools include:

Helix3 Pro Forensic Issues

Helix3 Pro has several major forensic issues that forensic examiners should be aware of:

  • Media in some card readers and firewire devices can be automounted in r/w mode;
  • Live side may collect wrong uptime values from some Windows systems;
  • Live side has preliminary support for "foreign languages". For example, cyrillic characters are not supported in PDF reports; cyrillic characters in TXT reports are stored in both cp-1251 and Unicode encodings.

See Also

Free version: Helix