Difference between revisions of "Helix3 Pro"

From Forensics Wiki
Line 31: Line 31:
 
Helix3 Pro has several major forensic issues that forensic examiners should be aware of:
 
Helix3 Pro has several major forensic issues that forensic examiners should be aware of:
  
 +
* Helix recovers [[ext3]] filesystems during the boot process;
 
* Media in some card readers and firewire devices can be automounted in r/w mode;
 
* Media in some card readers and firewire devices can be automounted in r/w mode;
 
* Live side may collect wrong uptime values from some [[Windows]] systems;
 
* Live side may collect wrong uptime values from some [[Windows]] systems;
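
Review bot: the added bullet ("Helix recovers [[ext3]] filesystems during the boot process") does not say what "recovers" changes on the examined media or under which conditions it happens, which is what an examiner needs in order to judge the impact. Suggest stating the effect on the evidence disk and citing a reproducible test or reference for it.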

Revision as of 11:22, 26 July 2009

Helix3 Pro
Maintainer: e-fense
OS: Linux, Windows, Mac OS X
Genre: Live CD
License: GPL, others
Website: e-fense.com

Helix3 Pro is a Live CD built on top of Ubuntu. It focuses on incident response and computer forensics.

Tools Included

  • Live side for Mac OS X, Windows and Linux
  • A bootable forensically sound environment (based on Ubuntu)

Open source forensic tools include:

Other tools include:

Helix3 Pro Forensic Issues

Helix3 Pro has several major forensic issues that forensic examiners should be aware of:

  • Helix recovers ext3 filesystems during the boot process;
  • Media in some card readers and FireWire devices can be automounted in r/w mode;
  • Live side may collect wrong uptime values from some Windows systems;
  • Live side has preliminary support for "foreign languages". For example, Cyrillic characters are not supported in PDF reports; Cyrillic characters in TXT reports are stored in both cp-1251 and Unicode encodings.
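
One way to check for the automount issue from a shell in the booted environment is to list every block device that the mount table shows as read/write. This is an added example, not part of Helix3 Pro or the original wiki page; the function names and the sample mount table are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag block devices mounted read/write.
# Input is text in /proc/mounts format:
#   source mountpoint fstype options dump pass
# Pass a file name, "-" for stdin, or nothing to read /proc/mounts.
rw_block_mounts() {
    awk '
        $1 ~ /^\/dev\// {
            # Options are comma-separated; match "rw" as a whole token.
            n = split($4, opt, ",")
            for (i = 1; i <= n; i++)
                if (opt[i] == "rw") { print $1, $2, $3; break }
        }
    ' "${1:-/proc/mounts}"
}

# Constructed sample mount table (not output from a real Helix3 Pro boot).
sample_mounts() {
    cat <<'EOF'
/dev/sda1 / ext3 rw,relatime 0 0
/dev/sdb1 /media/card vfat rw,nosuid,nodev 0 0
/dev/sdc1 /media/evidence ext3 ro,noexec 0 0
proc /proc proc rw,nosuid 0 0
EOF
}

# Entries printed here are writable and need attention before acquisition
# (for example a hardware write blocker, or blockdev --setro on the device
# before it is mounted). An "ro" entry is not flagged, so this check does
# not detect the ext3 recovery issue in the first bullet.
sample_mounts | rw_block_mounts -
```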

See Also

Free version: Helix