2.) and I have managed to create this through the use of freeware tools and simple batch scripting for the automation.
Seems a lot of money for such a tool.
Very much agree. Done it myself with some of the Sysinternals tools amongst others with a very simple batch file. Perhaps I could put it on a £15 USB stick and sell it for £400? wink
Perhaps I could put it on a £15 USB stick and sell it for £400? wink
Sure you could. :)
But then you'll have to see how many "pieces" you will be able to sell….. wink
jaclaz
I have 2 things to comment on the Helix Live Response USB.
1.) Correct me if I'm wrong, but the tool is collecting non-volatile data; this seems silly as it's resulting in more interaction with the system and producing a larger footprint.
2.) I'm currently working on a U3-based live forensics project which performs the same functionality (apart from certain features, as point 1 says) and I have managed to create this through the use of freeware tools and simple batch scripting for the automation.
Seems a lot of money for such a tool.
Seth, seeing as you asked,
1.) The tool is also for collecting volatile data. Great care has been taken to minimize the footprint. The footprint is a known consequence of live forensics though and is a barrier met by all live forensic tools/CDs.
Wardy,
Are e-fense confident that they will sell enough to turn a profit or has there been a significant backlash over charging?
Seth, seeing as you asked,
The tool is also for collecting volatile data. Great care has been taken to minimize the footprint. The footprint is a known consequence of live forensics though and is a barrier met by all live forensic tools/CDs.
I completely agree some sort of footprint is an inevitability, but therefore the best action is to keep it as small as possible. Extracting non-volatile information from a live system only produces a needlessly larger footprint, as this data is easily extracted in the post-mortem analysis.
However, depending on the scenario, such as one in which a post-mortem analysis is not able to be carried out, I agree certain non-volatile data needs to be extracted.
Wardy,
Are e-fense confident that they will sell enough to turn a profit or has there been a significant backlash over charging?
DFICSI, if I am honest, I am the wrong person to ask, I don't see the money coming into the company, and I don't see the sales being made.
Sure there has been some backlash, it was to be expected. I do know there have been a lot of positive comments too.
My agency is actually interested in hosting training for the new release of Helix 3. I'm interested to see what they've done and look forward to the direction e-fense takes the product line. As mentioned before, I think it's important to realize our contribution helps them develop better tools. We as a community were given the chance to contribute monetarily through a donation program, but those efforts failed. e-fense has been left with no choice but to charge for something. The cost is minimal and well worth it in the long run I think. True there are some tools there that are and have been free for quite some time. I'm not a proponent against free utilities mind you, but Helix is tried and true. We know we can rely on them and in my talks with Dave Dawson and Tom Richardson over training, I feel very confident e-fense is heading in the right direction.
My .02
As far as live stuff goes, Caine has a live Windows portion that is a bit impressive. Have not done a tool-by-tool comparison w/ Helix, but at first look it appeared to be close. Deft also has one, and a specific iso for flash drives. As far as I go right now, Helix, Deft, and Caine are my choices.
I seriously think one of them should implement Bitpim though.
Hello everybody, I am Giancarlo Giustini, CAINE Project manager. I literally stumbled into this forensic forum and I saw this conversation about my distro.
Would anyone like to give me a review of CAINE? Did you find the CAINE Interface and WinTaylor useful? Have you encountered any kind of problems or issues?
Thank you! :D
Just to try to clarify the point I was making earlier in the post.
When you have an open source/freeware tool that you come to rely on, I would rather pay for that tool. This can help to develop it further, give the creator more time to focus on its improvement, get staff to help etc.
There are tools that we use here as part of nearly every investigation that we do. These are free tools, with a great track record. The guy that wrote them does a Herculean job of supporting them on top of his very busy day job. He is also on holiday.
Whilst he would still respond to support requests, I'm not comfortable in submitting them under those circumstances. I'd happily pay an annual fee to allow this product to be developed.
As for Helix, does anyone here rely on it to that extent? Don't know. We certainly don't. If you do, I would hazard the guess that you should be happy to pay for it.
Could not have put it better myself.