Difference between revisions of "Helix3 Pro"

From ForensicsWiki
Line 38: Line 38:
== See Also ==
== See Also ==
Free version: [[Helix]]
Free version: [[Helix3]]
[[Category:Incident response tools]]
[[Category:Incident response tools]]

Revision as of 08:04, 18 September 2009

Helix3 Pro
Maintainer: e-fense
OS: Linux, Windows, Mac OS X
Genre: Live CD
License: GPL, others
Website: e-fense.com

Helix3 Pro is a Live CD built on top of Ubuntu. It focuses on incident response and computer forensics.

Tools Included

  • Live side for Mac OS X, Windows and Linux
  • A bootable forensically sound environment (based on Ubuntu)

Open source forensic tools include:

Other tools include:

Helix3 Pro Forensic Issues

Helix3 Pro has several major forensic issues that forensic examiners should be aware of:

  • Helix recovers ext3 filesystems during the boot process;
  • Media in some card readers and firewire devices can be automounted in r/w mode;
  • Live side may collect wrong uptime values from some Windows systems;
  • Live side has preliminary support for "foreign languages". For example, Cyrillic characters are not supported in PDF reports, and Cyrillic characters in TXT reports are stored in both cp-1251 and Unicode encodings.
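
One way to check for the read/write automount issue listed above before touching evidence media is to inspect the mount table. This is an added example, not part of the wiki page or of Helix3 Pro; the function names and the sample mount table are constructed for illustration, and it assumes block devices appear under /dev/.

```shell
#!/bin/sh
# Added example: flag block-device mounts that are writable.
# Input on stdin: a mount table in /proc/mounts format
#   device mountpoint fstype options dump pass

rw_block_mounts() {
    awk '
        $1 ~ /^\/dev\// {
            # Split the option list and match "rw" exactly, so that
            # options such as errors=remount-ro are not misread.
            n = split($4, opts, ",")
            for (i = 1; i <= n; i++)
                if (opts[i] == "rw") { print $1 " " $2 " " $3; break }
        }
    '
}

# Constructed sample mount table (not output from a real system).
sample_mounts() {
cat <<'EOF'
rootfs / rootfs rw 0 0
/dev/sr0 /cdrom iso9660 ro,noatime 0 0
/dev/sdb1 /media/disk vfat rw,nosuid,nodev,uid=1000 0 0
/dev/sdc1 /media/evidence ext3 ro,noexec 0 0
/dev/sdd1 /media/fw ext3 rw,errors=remount-ro 0 0
tmpfs /tmp tmpfs rw 0 0
EOF
}

# "live" checks the running system; anything else runs the sample.
if [ "${1:-}" = "live" ]; then
    rw_block_mounts < /proc/mounts
else
    sample_mounts | rw_block_mounts
fi
```

Any device printed by the check is mounted writable and should be remounted read-only or detached before acquisition.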

See Also

Free version: Helix3