Forensic Focus - Computer Forensics, Computer Forensic Training, Digital Forensics
Alternatives to Helix3

Page: 1/3

by BJ Gleason

Author's note: The article you are about to read was originally written in March 2009. The kind people at Linux+DVD magazine have allowed us to make my articles available after the printed version of the magazine is no longer available. At the time it was written, all the information it contained was accurate and up-to-date but due to the somewhat lengthy process of creating and distributing a magazine, things change. Since the time this article was written, the good people at e-fense have changed their policy and have re-released the original version of Helix3, free to the masses. The versions of the software I discuss in the article have also been updated. However, even though it may seem a bit dated at this point, it does serve as a reminder of thoughts, attitudes, and concerns at the time. There is a follow-up article that will be posted (after it appears in the printed magazine), updating the re-release, and giving a review of Helix3 Pro.


A few issues ago, in my two-part series, An Introduction to Digital Forensics, the major tools being used were from the Helix3 version 1.9 Live CD, a combined Windows/Linux forensic environment designed for e-discovery, computer forensic analysis and incident response. Since that article was published, several major events have taken place.

The first was that Helix3 2.0 was released. This was a major update, in which the underlying Linux base was changed from Knoppix to Ubuntu, many tools were added, and most of the rest were updated. It was a significant, well-received update. However, in March of 2009, Drew Fahey, the lead developer of Helix3, and the good people at e-fense.com changed their distribution policy. Helix3 is now only available to paying subscribers. By the time this article appears, the monthly fee for access to the Helix3 forums, the latest versions of the Live CD, and the updated manual will be $14.95 per month. (Full Disclosure: I am the co-author of the Helix manual, which grew out of the materials I developed for my forensic classes. I have never received any financial compensation for my contributions, and am a paying member of the Helix3 forums).

In addition, Helix3 will be getting another major upgrade. While in the past Helix3 was a collection of tools from various sources, the new system, Helix3 Pro, is to be an all-in-one distribution, with all the tools developed and written from the ground up. This promises to be a very interesting release, and we will review it when it is available.

While I am sure that this was not an easy decision to make, I believe that all developers are entitled to whatever compensation they desire for the work they do, and I wish e-fense all the best in this new venture. However, this turn of events has generated a lot of concern in the various forensic and security blogs and forums from users who have used Helix3 for free over the past six years.

With Helix3 now isolated behind a paywall, a bit of a vacuum has opened up in the Forensic Live CD arena, and people have started to look for tool sets to replace it. While there are many Forensic Live CDs available, many seem to have been abandoned or have not been updated in several years, which means working with out-of-date tools and possibly having problems with some of the newer hardware. It would even be possible to roll your own version; however, this can be quite complicated and time-consuming. While there have been some calls for volunteers to assist in the creation of a Helix Community Edition, it appears that several worthy successors may already be available.

To be considered a true replacement for Helix3, a Linux Live CD would also have to include tools that can be run in a Windows environment, so that investigators can perform live system captures on a running machine. Based on the discussions in the various forums, the two primary contenders appear to be CAINE and DEFT.


CAINE - Computer Aided Investigative Environment

Of the two distros, CAINE seems to be the closer in look, feel, and functionality to the Helix3 environment. It is based on Ubuntu Linux 8.04 and contains a Windows autorun GUI. CAINE is available as a 643MB ISO download from http://www.caine-live.net/, and it is version 0.5 that is used in this review.

CAINE started as the graduation thesis of the lead developer, Giancarlo Giustini, at the Information Engineering Department of the University of Modena e Reggio Emilia, Italy. CAINE was designed to wrap the common forensic tools in a user-friendly GUI to help streamline the investigative process.

On the Windows side, CAINE provides WinTaylor, a point-and-click interface to many incident response and collection tools. The autorun utility pops up first, presents the standard disclaimers, and, if needed, offers to install the VB6 Runtime library or to register the .ocx files when running under Vista (see Figure 1).

Figure 1 - CAINE startup screen under Windows

An alternative to using the WinTaylor GUI is to run the forensic utilities from inside Windows Internet Explorer. As always, it is important to remember that everything done on a live system modifies the system being examined, and all efforts should be made to minimize any changes to the system (see Figure 2).

Figure 2 - WinTaylor, a GUI for a large number of Windows based forensic tools

Once WinTaylor is started, the Analysis 1 tab provides access to a number of NirSoft and other tools used for extracting system and personal information. It is recommended that you disable any anti-virus programs, as many of these tools are often flagged as hacking tools, trojans, or backdoors. The Analysis 2 tab contains RAM and network tools such as MDD, Win32dd, Winen, fport, TCPView and Advanced LAN Scanner. Analysis 3 contains FTK Imager, Windows Forensic Toolchest, and Nigilant32. The remaining two tabs provide access to the Sysinternals Suite of tools in either a GUI or command line environment. In addition, the GUI provides access to a screen snapshot utility and a file hash calculator.

All logos and trademarks in this site are property of their respective owner. The comments are property of their posters, all the rest © 2010 Forensic Focus