Difference between revisions of "Helix3 Pro"
From Forensics Wiki
m |
|||
| (One intermediate revision by one user not shown) | |||
| Line 29: | Line 29: | ||
== Forensic Issues == | == Forensic Issues == | ||
| − | * Helix3 will automount [[Ext3]] / [[Ext4]] file systems during the boot process and recover them if required (bug in ''initrd'' scripts); | + | * Helix3 Pro will automount [[Ext3]] / [[Ext4]] file systems during the boot process and recover them if required (bug in ''initrd'' scripts); |
| − | * Helix3 can automount some storage devices like firewire devices and MMC. | + | * Helix3 Pro can automount some storage devices like firewire devices and MMC in read/write mode; |
| + | * Helix3 Pro relies on file system drivers to provide write protection, mounting some file system types (e.g. [[XFS]]) will result in several data writes to the original media. | ||
== See Also == | == See Also == | ||
Revision as of 09:14, 18 September 2009
| Helix3 Pro | |
|---|---|
| Maintainer: | e-fense |
| OS: | Linux,Windows,Mac OS X |
| Genre: | Live CD |
| License: | GPL, others |
| Website: | e-fense.com |
Helix3 Pro is a Live CD built on top of Ubuntu. It focuses on incident response and computer forensics.
Tools Included
- Live side for Mac OS X, Windows and Linux
- A bootable forensically sound environment (based on Ubuntu)
Open source forensic tools include:
- dc3dd
- aimage
- The Sleuth Kit (3.0.1, with "light" version of Autopsy, with libewf support)
- foremost
- Volatility
- Several tools for mobile phone forensics
Other tools include:
Forensic Issues
- Helix3 Pro will automount Ext3 / Ext4 file systems during the boot process and recover them if required (bug in initrd scripts);
- Helix3 Pro can automount some storage devices like firewire devices and MMC in read/write mode;
- Helix3 Pro relies on file system drivers to provide write protection, mounting some file system types (e.g. XFS) will result in several data writes to the original media.
See Also
Free version: Helix3
