Difference between revisions of "Helix3 Pro"
From Forensics Wiki
| Line 38: | Line 38: | ||
== See Also == | == See Also == | ||
| − | Free version: [[ | + | Free version: [[Helix3]] |
[[Category:Incident response tools]] | [[Category:Incident response tools]] | ||
Revision as of 03:04, 18 September 2009
| Helix3 Pro | |
|---|---|
| Maintainer: | e-fense |
| OS: | Linux, Windows, Mac OS X |
| Genre: | Live CD |
| License: | GPL, others |
| Website: | e-fense.com |
Helix3 Pro is a Live CD built on top of Ubuntu. It focuses on incident response and computer forensics.
Tools Included
- Live side for Mac OS X, Windows and Linux
- A bootable forensically sound environment (based on Ubuntu)
Open source forensic tools include:
- dc3dd
- aimage
- The Sleuth Kit (3.0.1, with "light" version of Autopsy, with libewf support)
- foremost
- Volatility
- Several tools for mobile phone forensics
Other tools include:
Helix3 Pro Forensic Issues
Helix3 Pro has several major forensic issues that forensic examiners should be aware of:
- Helix recovers ext3 filesystems during the boot process;
- Media in some card readers and FireWire devices can be automounted in read/write mode;
- Live side may collect wrong uptime values from some Windows systems;
- Live side has preliminary support for "foreign languages". For example, Cyrillic characters are not supported in PDF reports; Cyrillic characters in TXT reports are stored in both cp-1251 and Unicode encodings.
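A check an examiner can run against the first two issues above, added here as an example and not part of Helix3 Pro or the original page: it audits a Linux mount table in `/proc/mounts` format for block devices mounted read-write, and for ext3/ext4 volumes mounted read-only without a journal-skip option (a read-only mount can still replay the journal). The sample table is constructed, and the `noload`/`norecovery` option names are standard Linux mount options assumed here, not taken from the page.

```python
import re
import sys

# Constructed sample in /proc/mounts format (not captured from a Helix3 Pro session).
SAMPLE_MOUNTS = """\
rootfs / rootfs rw 0 0
/dev/sr0 /cdrom iso9660 ro,noatime 0 0
/dev/sdb1 /media/CARD\\040READER vfat rw,nosuid,nodev,uid=1000 0 0
/dev/sdc1 /mnt/evidence ext3 ro,relatime 0 0
/dev/sdd1 /mnt/evidence2 ext3 ro,noload 0 0
tmpfs /tmp tmpfs rw 0 0
"""

JOURNALED = {"ext3", "ext4"}             # filesystems whose journal may be replayed at mount
SKIP_JOURNAL = {"noload", "norecovery"}  # options that suppress journal replay


def _unescape(field):
    # /proc/mounts encodes space, tab, newline and backslash as octal (\040 etc.).
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)


def audit_mounts(text):
    """Return (device, mountpoint, finding) for block-device mounts that can alter evidence."""
    findings = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4 or not parts[0].startswith("/dev/"):
            continue  # pseudo filesystems (tmpfs, rootfs, proc, ...) are not evidence media
        dev, mnt, fstype = _unescape(parts[0]), _unescape(parts[1]), parts[2]
        opts = set(parts[3].split(","))
        if "rw" in opts:
            findings.append((dev, mnt, "mounted read-write"))
        elif fstype in JOURNALED and not (opts & SKIP_JOURNAL):
            findings.append((dev, mnt, "read-only, but journal replay not disabled"))
    return findings


if __name__ == "__main__":
    # With no argument the constructed sample is audited; pass /proc/mounts on a live system.
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            source = fh.read()
    else:
        source = SAMPLE_MOUNTS
    for dev, mnt, why in audit_mounts(source):
        print(f"{dev} on {mnt}: {why}")
```

An empty result only means no mounted block device matched either condition at the time of the check; it does not show that nothing was written earlier in the boot process.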
See Also
Free version: Helix3