Difference between revisions of "Helix3 Pro"
From Forensics Wiki
| Line 31: | Line 31: | ||
Helix3 Pro has several major forensic issues that forensic examiners should be aware of: | Helix3 Pro has several major forensic issues that forensic examiners should be aware of: | ||
| + | * Helix recovers [[ext3]] filesystems during the boot process; | ||
* Media in some card readers and firewire devices can be automounted in r/w mode; | * Media in some card readers and firewire devices can be automounted in r/w mode; | ||
* Live side may collect wrong uptime values from some [[Windows]] systems; | * Live side may collect wrong uptime values from some [[Windows]] systems; | ||
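Review bot: the added item "Helix recovers [[ext3]] filesystems during the boot process" does not say what "recovers" covers or when it happens, whereas the neighbouring item states its condition ("automounted in r/w mode"). Suggest stating whether the recovery writes to the examined media, which devices it applies to, and adding a reference for the behaviour so that examiners can verify it.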
Revision as of 11:22, 26 July 2009
| Helix3 Pro | |
|---|---|
| Maintainer: | e-fense |
| OS: | Linux, Windows, Mac OS X |
| Genre: | Live CD |
| License: | GPL, others |
| Website: | e-fense.com |
Helix3 Pro is a Live CD built on top of Ubuntu. It focuses on incident response and computer forensics.
Tools Included
- Live side for Mac OS X, Windows and Linux
- A bootable forensically sound environment (based on Ubuntu)
Open source forensic tools include:
- dc3dd
- aimage
- The Sleuth Kit (3.0.1, with "light" version of Autopsy, with libewf support)
- foremost
- Volatility
- Several tools for mobile phone forensics
Other tools include:
Helix3 Pro Forensic Issues
Helix3 Pro has several major forensic issues that forensic examiners should be aware of:
- Helix recovers ext3 filesystems during the boot process;
- Media in some card readers and FireWire devices can be automounted in read/write mode;
- Live side may collect wrong uptime values from some Windows systems;
- Live side has preliminary support for "foreign languages". For example, Cyrillic characters are not supported in PDF reports; Cyrillic characters in TXT reports are stored in both cp-1251 and Unicode encodings.
See Also
Free version: Helix