There was an earlier post (http://www.forensicfocus.com/index.php?name=Forums&file=viewtopic&t=727&highlight=Live)
in which the shortcomings of Helix Live CD were alluded to. It was mentioned that these shortcomings were demonstrated in the Cybercrime Summit in Atlanta.
As a service to the computer forensics community (and to the Helix developers), can someone that attended the summit please post these shortcomings so that those of us who use Helix can know which tools (or set of tools) to avoid? I personally only use it for duplicating, but would like to explore it for other uses.
Thanks,
A
A,
I'll leave it to someone else to list out any real or perceived issues with Helix. I'd rather not get into a deep discussion about these, nor help development of that product since I'm actively working on two other Linux CDs.
At the end of the day, if the tool works for you, then you're okay, right?
regards,
farmerdude
Farmer,
Yes. But part of a tool "working for me" is the assurance that it will maintain the integrity of evidence, among other things. I appreciate your position, but I'm looking for someone interested in the greater good here, to step up and identify shortcomings of a product. Don't we do this all the time in this forum? I've had my complaints about FTK and would gladly bring up its shortcoming. I'd still recommend using it for many parts of an examination - but might recommend another tool for certain tasks. What's all the hocus-pocus about Helix Live CD?
Sincerely,
A
I'm looking for someone interested in the greater good here, to step up and identify shortcomings of a product.
Well, you could be the one to do that.
I've had my complaints about FTK and would gladly bring up its shortcoming.
As I use FTK Imager quite often, I'd be interested in hearing enough about shortcomings in the product (or any other AccessData product) whereby I could replicate them.
- but might recommend another tool for certain tasks.
I'd be interested in hearing your views on that, as well.
What's all the hocus-pocus about Helix Live CD?
I'm not sure that there is any. As you're addressing farmerdude, all he did was post to the thread saying that he wasn't going to post on the subject of the thread.
Key,
You may be missing my point. I'm open to discussing the pros and cons of any tool that I use (and if you want to discuss FTK, we can start a new thread for that). I value, even rely on, the input of others here and their experiences, good or bad, with a tool. Helix Live CD is no exception. So how about a discussion of the Helix Live CD, starting with the shortcomings identified by farmer in the Cybercrime Summit?
I think we can have an intelligent discussion without trashing the Live CD.
A
Ac_forensics,
Got a link to farmer's discussion? I'd like to get up to speed on it before discussing it…
H
Link to former discussion on HELIX
http://www.forensicfocus.com/index.php?name=Forums&file=viewtopic&p=6104#6104
I would also like to hear what's wrong with HELIX.
I too would like to hear about some "real or perceived shortcomings" with Helix. I've read the other thread more than once and have been quite frustrated by the lack of information provided to support the claim.
-jhs
I love Helix and all Linux forensics boot CDs for that matter… yes, even farmerdude's. I do have one complaint about Helix. It (and nothing else I have found) can run in Vista. I need it specifically for RAM dumps in Vista. Cygwin1.dll, which allows the Helix boot CD to operate in XP, is not present in Vista; Helix can't run. Shortcoming? I don't think so, since Helix was here before Vista, but would sure love a Linux guru to post something about this.
Mikeypopo,
I'm not sure I'm clear on what you're looking for here.
First off, cygwin1.dll isn't on Vista…in fact, it's not shipped by default on any version of Windows that I'm familiar with.
Now, why would you want a Linux guru to address issues with not being able to access the PhysicalMemory object from user mode on Vista (as well as Windows 2003 SP1)?
Harlan