Difference between pages "COFEE" and "Helix3 Pro"

From ForensicsWiki
(Difference between pages)
 
 
Line 1: Line 1:
{{expand}}
 
 
 
{{Infobox_Software |
 
{{Infobox_Software |
   name = COFEE |
+
   name = Helix3 Pro |
   maintainer = Microsoft |
+
   maintainer = [[e-fense]]|
   os = {{Windows}} |
+
   os = {{Linux}}, {{Windows}}, {{Mac OS X}} |
   genre = {{Incident response}} |
+
   genre = {{Live CD}}, {{Incident Response}} |
   license = {{commercial}} |
+
   license = {{GPL}}, others |
   website = [http://www.microsoft.com/industry/government/solutions/cofee/default.aspx www.microsoft.com] |
+
   website = [http://www.e-fense.com/helix3pro.php e-fense.com]  
 
}}
 
}}
  
'''Computer Online Forensic Evidence Extractor (COFEE)'''
+
'''Helix3 Pro''' is a [[Live CD]] built on top of [[Ubuntu]]. It focuses on [[Incident Response|incident response]] and [[computer forensics]].
 +
 
 +
== Tools Included ==
 +
 
 +
* Live side for [[Mac OS X]], [[Windows]] and [[Linux]]
 +
* A bootable forensically sound environment based on [[Ubuntu]]
 +
 
 +
Open source forensic tools include:
 +
 
 +
* [[dc3dd]]
 +
* [[aimage]]
 +
* [[The Sleuth Kit]] (3.0.1, with "light" version of [[Autopsy]], with [[libewf]] support)
 +
* [[foremost]]
 +
* [[Volatility]]
 +
* Several tools for mobile phone forensics
 +
 
 +
Other tools include:
 +
* [[LinEn]]
  
COFEE is a piece of Microsoft software designed to all the easy capture of important "live" computer evidence at the scene in cybercrime investigations, without special forensics expertise.
+
== Forensic Issues ==
  
The fully customizable tool allows your on-the-scene agents to run more than 150 commands on a live computer system. It also provides reports in a simple format for later interpretation by experts or as supportive evidence for subsequent investigation and prosecution. And the COFEE framework can be tailored to effectively meet the needs of your particular investigation.
+
* Helix3 Pro can automount some storage devices like firewire devices and MMC in read/write mode;
To help combat the growing number of ways that criminals use computers and the Internet to commit crimes, Microsoft is working with INTERPOL and the National White Collar Crime Center (NW3C) to provide COFEE at no cost to law enforcement agencies in 187 countries worldwide. INTERPOL and NW3C are also working with Florida State University and University College Dublin to continue the research and development that will help ensure that COFEE serves the needs of law enforcement, even as technology evolves.
+
* Helix3 Pro relies on file system drivers to provide write protection, mounting some file system types (e.g. [[XFS]]) will result in several data writes to the original media.  
  
Law enforcement can get COFEE from NW3C at www.nw3c.org or by contacting INTERPOL at COFEE@interpol.int.
+
== See Also ==
  
== External Links ==
+
Free version: [[Helix3]]
* [http://www.microsoft.com/industry/government/solutions/cofee/default.aspx Official web site]
+
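Review bot: the new genre line uses `{{Incident Response}}`, while the line it replaces used `{{Incident response}}`. MediaWiki template names are case-sensitive after the first letter, so the capitalised form transcludes a different template; suggest `genre = {{Live CD}}, {{Incident response}} |`. In the Forensic Issues list, the first bullet ends in a semicolon while the second joins two clauses with a comma and ends in a full stop; suggest making the two bullets consistent.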

Revision as of 05:39, 18 January 2014

Helix3 Pro
Maintainer: e-fense
OS: Linux, Windows, Mac OS X
Genre: Live CD, Incident Response
License: GPL, others
Website: e-fense.com

Helix3 Pro is a Live CD built on top of Ubuntu. It focuses on incident response and computer forensics.

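Tools Included

  • Live side for Mac OS X, Windows and Linux
  • A bootable forensically sound environment based on Ubuntu

Open source forensic tools include:

  • dc3dd
  • aimage
  • The Sleuth Kit (3.0.1, with "light" version of Autopsy, with libewf support)
  • foremost
  • Volatility
  • Several tools for mobile phone forensics

Other tools include:

  • LinEn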

Forensic Issues

  • Helix3 Pro can automount some storage devices, such as FireWire devices and MMC, in read/write mode.
  • Helix3 Pro relies on file system drivers to provide write protection; mounting some file system types (e.g. XFS) will result in several data writes to the original media.
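
A check for both issues above, as an added example that is not part of the wiki page or of Helix3 Pro: it reads `/proc/mounts`-format text and flags evidence devices mounted read/write, and journaling file systems mounted read-only without the option that suppresses journal replay. The device prefixes, the sample lines and the ext3/ext4 entries are assumptions added here (the page names only XFS).

```python
"""Audit /proc/mounts-format text for mounts that can alter evidence media."""

# File systems whose Linux drivers replay the journal even on a read-only
# mount, with the mount options that suppress the replay. XFS is the page's
# example; the ext3/ext4 entries are added here as an assumption of scope.
REPLAY_GUARDS = {
    "xfs": {"norecovery"},
    "ext3": {"noload", "norecovery"},
    "ext4": {"noload", "norecovery"},
}

# Constructed sample input (device names and mount points are made up).
SAMPLE_MOUNTS = """\
/dev/sdb1 /media/sdb1 vfat rw,nosuid,nodev,relatime 0 0
/dev/sdc1 /mnt/evidence1 xfs ro,relatime,attr2 0 0
/dev/sdd1 /mnt/evidence2 xfs ro,norecovery,relatime 0 0
/dev/sde1 /mnt/evidence3 ext4 ro,noload,relatime 0 0
tmpfs /run tmpfs rw,nosuid,nodev 0 0
"""


def audit_mounts(mounts_text, evidence_prefixes=("/dev/sd", "/dev/mmcblk")):
    """Return (device, mountpoint, reason) for every risky evidence mount."""
    findings = []
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or not fields[0].startswith(evidence_prefixes):
            continue  # malformed line, or not a device treated as evidence
        device, mountpoint, fstype = fields[:3]
        options = set(fields[3].split(","))
        guards = REPLAY_GUARDS.get(fstype, set())
        if "ro" not in options:
            # Covers the automount case: the device is writable as mounted.
            findings.append((device, mountpoint, "mounted read/write"))
        elif guards and not guards & options:
            # Read-only at the VFS level, but the driver may still replay
            # the journal and write to the original media.
            wanted = "/".join(sorted(guards))
            findings.append(
                (device, mountpoint, f"{fstype} mounted ro without {wanted}"))
    return findings


if __name__ == "__main__":
    for device, mountpoint, reason in audit_mounts(SAMPLE_MOUNTS):
        print(f"{device} on {mountpoint}: {reason}")
```

On a running system, pass the contents of `/proc/mounts` instead of the sample and adjust `evidence_prefixes` so the boot medium is excluded.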

See Also

Free version: Helix3