ForensicsWiki will continue to operate as it has before and will not be shutting down. Thank you for your continued support of ForensicsWiki.

Difference between revisions of "Helix3 Pro"

From ForensicsWiki
Jump to: navigation, search
m
m
Line 31: Line 31:
 
Helix3 Pro has several major forensic issues that forensic examiners should be aware of:
 
Helix3 Pro has several major forensic issues that forensic examiners should be aware of:
  
 +
* Helix recovers [[ext3]] filesystems during the boot process;
 
* Media in some card readers and firewire devices can be automounted in r/w mode;
 
* Media in some card readers and firewire devices can be automounted in r/w mode;
 
* Live side may collect wrong uptime values from some [[Windows]] systems;
 
* Live side may collect wrong uptime values from some [[Windows]] systems;

Revision as of 16:22, 26 July 2009

Helix3 Pro
Maintainer: e-fense
OS: Linux,Windows,Mac OS X
Genre: Live CD
License: GPL, others
Website: e-fense.com

Helix3 Pro is a Live CD built on top of Ubuntu. It focuses on incident response and computer forensics.

Tools Included

  • Live side for Mac OS X, Windows and Linux
  • A bootable forensically sound environment (based on Ubuntu)

Open source forensic tools include:

Other tools include:

Helix3 Pro Forensic Issues

Helix3 Pro has several major forensic issues that forensic examiners should be aware of:

  • Helix recovers ext3 filesystems during the boot process;
  • Media in some card readers and firewire devices can be automounted in r/w mode;
  • Live side may collect wrong uptime values from some Windows systems;
  • Live side has preliminary support for "foreign languages". For example, cyrillic characters are not supported in PDF reports; cyrillic characters in TXT reports are stored in both cp-1251 and Unicode encodings.

See Also

Free version: Helix