Just wondered if anyone is going to subscribe in order to download Helix? I, for one, won't be doing anything of the sort. I know that the team has worked hard on this product but it feels like they've pulled the rug out from under us. I'm going to be using Caine instead methinks.
… I'm going to be using Caine instead methinks.
Not come across Caine before, but looks quite interesting.
What also would be of interest is an in-depth review of live-forensic CDs, which I think Jamie suggested a few weeks back.
Granted I'm sure they put a lot of time into certain aspects of it (of their own free will), my perception is, in the end, they are compiling a bunch of free tools that other people wrote. If I need a tool, I'll just get the one I need for the one off jobs I need them for, directly from the source.
To answer your question, no, will not be subscribing. Should have included a poll (if you can here).
P.S. Before it turns into a debate, this was not a bash or discredit in any way, just my .02. More than one way to skin a cat.
To expand the discussion a little, if our area of work is going to grow in the right direction, we need more tools to do the job. The tools I want to use will be reliable, supported, reviewed, tested, updated etc etc. We can't have our cake and eat it. If you want quality in anything, then you have to pay. What other forensic experts (toxicology, finger prints etc) have forums where they moan about having to pay for tools and exchange tips on how to get things for free? If we want to be regarded as professionals then we have to dig into our pockets and support the development of these tools.
Sorry if that sounds like a rant, been a long day, time for a mug of tea and Under Siege for the 99th time.
I just noticed the other day that they went to a subscription structure. I will not be utilizing Helix anymore because of this.
While I agree to a point with regard to going to a "for fee" business model (for the work they put in), I don't think any of us have unlimited budgets. In light of that, when making budget decisions relative to what I'm going to spend on what tool, there are more powerful and robust tools to spend that money on. Helix was perfect in that it was quick and easy.
Don't get me wrong, I love(d) Helix. In order to succeed though, they will have to be more reliable on the updates. There were a lot of promises for new version schedules that were consistently broken last year. They will not be able to get away with that on a for fee basis in my opinion.
Just to reiterate pbbeardmore, I am aware they spent a lot of time on a lot of portions, but the tools for the most part have already existed and are free from the developers; dcfldd for example. You don't need to subscribe to this service that grouped them all together in a nice package in order to use these nice tools that have been reliable, supported, reviewed, tested and updated, etc, etc.
I agree with CI2019, this doesn't take away from the fact that it has been a very convenient tool in the past. As I've said twice already, there is no doubt that they have put significant effort into it; but…meh.
I recently purchased their Live Response USB. This was after several days of back and forth E-Mails and discussion with David Dawson and Andrew Fahey at e-fense.
While the "old" Helix was a mix of Open Source and other tools, the new tools are a complete re-write. There are now three levels of Helix. The CD is really a preview tool, the USB is a capture tool and the Enterprise version is a "deployable" tool that can integrate with an IDS or other tools.
I have some white papers and other material sent to me by e-fense that I can forward if they are not on the e-fense site.
Good evening,
What would be really valuable is some unbiased, end user reviews of the tools.
I am also not buying the new subscription, in part because I paid $200 for a copy of Helix last year to support what I felt was a good cause and then was told that it would not apply to the new subscription service. I also found that TrueCrypt was taken out of the newer version and, when I asked about it going back in, was told "in the next few days" and that was months ago.
I'm not going to cut off my nose to spite my face, but I'm also not going to pony up $14 per month for tools of unknown value and support of unknown quality.
If the new tools are a complete re-write, how much field testing and verification has been done on them?
-David
What would be really valuable is some unbiased, end user reviews of the tools.
If the new tools are a complete re-write, how much field testing and verification has been done on them?
It has only been a week since I received the USB, so I really have not had much time to examine it. Live Response is quite different than the previous Helix CD. Live Response is based on the Aperio LE only tool (which I was told has been in use for a couple of years) and is really a one button capture the system tool. Before going into the field you use the management console to determine what items to capture. In the field you plug in the USB, if it auto-runs you click the capture button and sit back for 10 minutes or so. If auto-run is disabled you have to manually launch the application. So far it has worked on every test system on which I have tried it.
You can capture multiple systems and then download the results to the management console (works as advertised). The only limit is the included 16GB drive, although I was told you can move the application to a larger drive. A 64GB drive is available as an option.
When finished and the data is downloaded, you use the console to wipe the drive and ready it for the next use (a feature I want to verify).
This is a very new tool to me and I am sure my brief description is less than you want, but all I have for now.
Maybe a list of known forensic boot disks could be compiled? Probably best to include free and commercial so as to give everyone the choice. (apologies if this has already been done).
Here's a few to get started
DEFT linux
SPADA (LE only)
fccu-linux
Penguin Sleuth Kit
PlainSight
All above are freeware (for now anyway).
Any more?…