Linen basics

paulo111
(@paulo111)
Junior Member

Does anyone have a very basic beginners guide to using linen (via helix 3). I am pretty new to Linux in general, and was surprised to find little out there in the way of user guides. There are a few YouTube clips but the quality wasn't great so I clearly see all the commands. The version of Linen on the copy of Helix I have is 6.12.0.21. I want to do a few test acquisitions of the internal drive on my laptop and write them out to an NTFS formatted USB. From what I gather you can use NTFS on newer releases of Linen.

Out of interest are there any alternative boot CD's with in built forensic imaging applications that you use, and how do they compare to Linen?

Many Thanks

Topic starter Posted : 31/12/2014 5:45 pm
jaclaz
(@jaclaz)
Community Legend

Out of interest are there any alternative boot CD's with in built forensic imaging applications that you use, and how do they compare to Linen?

Well, more or less this is asking to do a comparative review of several available Linux based bootCD's + a few different builds of WinFE.

You can try Caine
http://www.caine-live.net/index.html
which includes among other tools guymager
http://guymager.sourceforge.net/

And a build of WinFE including (say) FTK imager and/or clonedisk and DMDE
http://winfe.wordpress.com/
http://reboot.pro/files/file/375-mini-winfe/

The latter .zip is MIA at the moment, but for the sake of quick testing you can get previous version from Wayback Machine
https://web.archive.org/web/20140724024318/http://mistype.reboot.pro/mistype.current/MistyPE.2014.06.04.zip

jaclaz

Posted : 31/12/2014 8:10 pm
athulin
(@athulin)
Community Legend

Does anyone have a very basic beginners guide to using linen (via helix 3).

It's not for beginners – and Guidance Software probably wants you to attend one of their courses to learn how to use LinEn. I've tried it out a couple of times, but I see little reason to use it. The forensic dd versions are usually easier, not the least because they're command line tools, so you can see what's going on.

From what I gather you can use NTFS on newer releases of Linen.

It doesn't depend on LinEn, but on the Linux platform it runs on. Modern ones do support writing to NTFS. Helix 3 is a bit old, though – can't remember if it has a good version of NTFS. At one time you had to mount a target NTFS drive as -t ntfs-3g … but that may be even further back.

Out of interest are there any alternative boot CD's with in built forensic imaging applications that you use, and how do they compare to Linen?

Lots. Raptor and Kali Linux are the first two that come to mind, but there are several others. See http://www.forensicswiki.org/wiki/Category:Live_CD for some of them.

Posted : 31/12/2014 10:52 pm
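
An added example, not part of any post in this thread: a command-line acquisition along the lines discussed above, which first checks how the target directory is mounted (an ntfs-3g mount is listed as type `fuseblk`) and then images with `dd` while hashing the same byte stream. It assumes a Linux live environment with `dd`, `tee`, `awk` and `sha256sum`; the function names, paths and the sample mount table are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Sample mount table and paths are constructed.
SAMPLE_MOUNTS='/dev/sda2 / ext4 rw,relatime 0 0
/dev/sdb1 /mnt/usb fuseblk rw,nosuid,nodev,relatime,user_id=0,group_id=0 0 0
/dev/sdc1 /mnt/old ntfs ro,relatime 0 0'

# Print "fstype options" for the mount holding directory $1, by longest-prefix
# match in a /proc/mounts-style table ($2, default /proc/mounts).
# Mount points containing spaces (escaped as \040 there) are not handled.
mount_info() {
    awk -v d="$1" '
        $2 == "/" || d == $2 || index(d, $2 "/") == 1 {
            if (length($2) >= best) { best = length($2); info = $3 " " $4 }
        }
        END { print info }' "${2:-/proc/mounts}"
}

# Succeed only if the target is mounted read-write and not via the legacy
# in-kernel "ntfs" driver. An ntfs-3g mount is listed as type "fuseblk".
target_writable() {
    info=$(mount_info "$1" "${2:-/proc/mounts}")
    fstype=${info%% *}; opts=${info#* }
    [ "$fstype" != ntfs ] || return 1
    case ",$opts," in *,rw,*) return 0 ;; *) return 1 ;; esac
}

# Image $1 to $2 in one read pass: tee writes the image while sha256sum hashes
# the same stream. Returns 2 if dd reported an error, 1 on a hash mismatch.
acquire() {
    src=$1; img=$2
    rm -f "$img.err"
    stream_hash=$( { dd if="$src" bs=64k 2>/dev/null || : > "$img.err"; } |
                   tee "$img" | sha256sum | cut -d' ' -f1 )
    [ ! -e "$img.err" ] || return 2
    image_hash=$(sha256sum < "$img" | cut -d' ' -f1)
    [ "$stream_hash" = "$image_hash" ] || return 1
    printf '%s  %s\n' "$image_hash" "${img##*/}" > "$img.sha256"
}

# Demo on constructed data: a small file stands in for the source device.
demo=$(mktemp -d)
printf 'constructed sector data\n' > "$demo/source.bin"
acquire "$demo/source.bin" "$demo/image.dd" && cat "$demo/image.dd.sha256"
rm -rf "$demo"
```

On a real acquisition the source would be the subject disk's device node and `target_writable` would be run against the mounted USB directory before imaging starts.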
EricZimmerman
(@ericzimmerman)
Active Member

guymager did best in my testing of imagers.

https://docs.google.com/spreadsheets/d/1wXX5zYql7KIPgrsDdt6S5bTuGt_WRjWaBde1D0fhG5k/edit#gid=0

It's in several live CDs.

Posted : 02/01/2015 6:02 am
gorvq7222
(@gorvq7222)
Active Member

Hi

Many tools can acquire disk images. If you are interested in LinEN, first make sure the Subject and Examiner laptop/PC are on the LAN and the network connection is ready. Then use the LinEN live CD to boot the Subject, follow the instructions, input the necessary info, then the service is listening… Second, you run EnCase on the Examiner to add network evidence… that's how LinEN works…

Suggest you get some basic Linux and network knowledge first, then you will find it easy to use.
Wish you success

Rick

Posted : 08/01/2015 5:45 pm
minime2k9
(@minime2k9)
Active Member

Not a huge fan of Linen to be honest. Personally I would get a copy of DEFT 8 (freely available), boot to that and use Guymager, DD or DD rescue depending on your needs.

Posted : 09/01/2015 10:18 pm