Difference between pages "Helix3 Pro" and "Knoppix STD"

From ForensicsWiki

Helix3 Pro
Maintainer: e-fense
OS: Linux, Windows, Mac OS X
Genre: Live CD, Incident Response
License: GPL, others
Website: e-fense.com (http://www.e-fense.com/helix3pro.php)

Helix3 Pro is a Live CD built on top of Ubuntu. It focuses on incident response and computer forensics.

Tools Included

  • Live side for Mac OS X, Windows and Linux
  • A bootable forensically sound environment based on Ubuntu

Open source forensic tools include:

  • dc3dd
  • aimage
  • The Sleuth Kit (3.0.1, with "light" version of Autopsy, with libewf support)
  • foremost
  • Volatility
  • Several tools for mobile phone forensics

Other tools include:

  • LinEn

Forensic Issues

  • Helix3 Pro can automount some storage devices, such as FireWire devices and MMC cards, in read/write mode.
  • Helix3 Pro relies on file system drivers to provide write protection; mounting some file system types (e.g. XFS) will result in several data writes to the original media.
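The write-protection caveat above is worth verifying rather than trusting. The following script is an added example, not code from Helix3 Pro or from the wiki page; it assumes a Linux host with blockdev, blkid, mount and sha256sum, and a device path plus mount point given as arguments (both hypothetical). It sets the kernel's read-only flag on the block device, picks mount options that stop journaling drivers (XFS, ext3/ext4) from replaying their log, and hashes the device before and after the mount to confirm nothing was written.

```shell
#!/bin/sh
# Added example (not from the wiki page): write-protect a suspect block
# device before examining it and verify afterwards that it is unchanged.
# Assumes Linux with blockdev, blkid, mount and sha256sum installed.
set -eu

# Mount options that keep the file system driver itself from writing.
# A plain "ro" is not enough for journaling file systems: XFS and
# ext3/ext4 replay their journal on mount unless told otherwise.
fs_ro_opts() {
    case "$1" in
        xfs)        echo "ro,norecovery" ;;
        ext3|ext4)  echo "ro,noload" ;;
        *)          echo "ro" ;;
    esac
}

# Returns 0 when the before/after hashes match, i.e. evidence unchanged.
evidence_unchanged() {
    [ "$1" = "$2" ]
}

check_device() {
    dev="$1"; mnt="$2"
    fstype="$(blkid -o value -s TYPE "$dev")"
    # Kernel-level read-only flag: the block layer refuses writes even if
    # the file system code (or an automounter) tries to issue them.
    blockdev --setro "$dev"
    [ "$(blockdev --getro "$dev")" = "1" ] || { echo "$dev is not read-only"; return 1; }
    before="$(sha256sum "$dev" | cut -d' ' -f1)"
    opts="$(fs_ro_opts "$fstype")"
    mount -t "$fstype" -o "$opts" "$dev" "$mnt"
    echo "mounted $dev ($fstype) at $mnt with options $opts"
    umount "$mnt"
    after="$(sha256sum "$dev" | cut -d' ' -f1)"
    if evidence_unchanged "$before" "$after"; then
        echo "OK: $dev unchanged ($before)"
    else
        echo "WARNING: $dev changed during mount (before $before, after $after)"
        return 1
    fi
}

# Only act when a device and mount point are supplied, so the functions
# can also be sourced and reused from another script.
if [ "$#" -ge 2 ]; then
    check_device "$1" "$2"
fi
```

Hashing a whole device twice is slow on large media; on a real case the same check is cheaper against an image file, and a hardware write blocker remains the stronger control.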
See Also

Free version: Helix3

Latest revision as of 04:41, 18 January 2014


This tool is deprecated.
The tool that this page describes is deprecated and is no longer under active development.
Further information might be found on the discussion page.

Knoppix STD
Maintainer: STD project
OS: Linux
Genre: Live CD, Incident Response
License: GPL
Website: s-t-d.org/

Knoppix STD is a computer forensics / incident response Live CD based on Knoppix.

Tools

Forensics

  • Sleuthkit 1.66 : extensions to The Coroner's Toolkit forensic toolbox.
  • autopsy 1.75 : Web front-end to TASK. Evidence Locker defaults to /mnt/evidence
  • biew : binary viewer
  • bsed : binary stream editor
  • consh : logged shell (from F.I.R.E.)
  • coreography : analyze core files
  • dcfldd : US DoD Computer Forensics Lab version of dd
  • fenris : code debugging, tracing, decompiling, reverse engineering tool
  • fatback : Undelete FAT files
  • foremost : recover specific file types from disk images (like all JPG files)
  • ftimes : system baseline tool (be proactive)
  • galleta : recover Internet Explorer cookies
  • hashdig : dig through hash databases
  • hdb : java decompiler
  • mac-robber : TCT's graverobber written in C
  • md5deep : run md5 against multiple files/directories
  • memfetch : force a memory dump
  • pasco : browse IE index.dat
  • photorec : grab files from digital cameras
  • readdbx : convert Outlook Express .dbx files to mbox format
  • readoe : convert entire Outlook Express .directory to mbox format
  • rifiuti : browse Windows Recycle Bin INFO2 files
  • secure_delete : securely delete files, swap, memory, etc.
  • testdisk : test and recover lost partitions
  • wipe : wipe a partition securely; good for preparing a partition before dd
  • and other typical system tools used for forensics (dd, lsof, strings, grep, etc.)

External Links

  • Official Site: http://s-t-d.org/
  • Support Forum: http://forum.s-t-d.org/