Drew is releasing knttools on Helix3. I'm trying to get clarification of this.
I believe that may be a misunderstanding, KnTTools is licensed software by GMG Systems, Inc. I agree it does need clarification by either Drew or George. I suspect that Drew is hinting that Helix 2 will have capabilities to acquire memory from Windows 2003 SP1 machines and above, but I doubt it will have the KnTTools license.
One other thing I neglected to mention about KnTTools: you can convert a raw physical memory dump to Microsoft's proprietary crash dump format. This is important because it means that you can use any number of different debugging tools to perform analysis.
I'm trying to get clarification of this.
You may be interested in this which now appears on the KnTTools web site
The KnTTools™ and KnTList™ are exclusively distributed by GMG Systems, Inc. Bundling of the KnTTools™ and/or KnTList™ with a third party software package is not being contemplated at this time.
Sorry Harlan. Regarding Helix, I mistyped the 3 (instead of 2). Either way I can't wait for the new distro. Not having KnTTools IN Helix but as a separate utility: ecko6 explained it better. Sorry for the miscommunication.
What are we doing with them? I'll PM you. I would prefer that, since this is a relatively new area on the LE side, I tell you in private. And yes, it is the fear of the unknown, specifically training. I know in my state there is NO state-sanctioned forensics training for LE. We have AICIS and iLook, and if you are lucky enough to have the $$$ and the approval, FLETC (Fed LE Training Center), which is AMAZING. I was lucky enough to get into a class but I had to wait almost a year. We get some FTK and EnCase classes. The fear of the unknown is born from lack of proper training. I know municipal CF folks that have intro FTK and are being thrown into cases. I feel sorry for them because it's trial by fire.
I did email George but no reply.
MikeyPopo,
I heard from George…which email did you use? He told me that he never received an email from you.
Also, did you PM me?
Harlan
Yeah, my partner sent him an email from his gov't account. Yes, I PM'ed you... let me check. We are just going to mail in an order after I figure out if we want this suite of tools.
You'll probably want his suite of tools to get you started. I'm writing my own tools, so I just got the basic set. However, it's going to take some time for me to get the tools together. The good news is that due to some recent emails and posts in groups, I may include searching for other artifacts, as well, such as event records (2000, XP, 2003) and Registry keys.
Harlan