I thought Helix had statically compiled, trusted Linux binaries that incident responders could use to gather data. I just downloaded Helix 2.0 and all I see are Windows response tools. What's going on?
Check the download page closer – static binaries are a separate download category from the Helix3 ISO image.
Due to space limitations on the CD, the static binaries for Linux and Solaris are downloadable from the website.
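An added check, not Helix's or e-fense's code, for the point in this thread: a statically compiled responder tool carries no PT_INTERP (dynamic loader request) and no PT_DYNAMIC program header, so it will not pull ld.so or libc from the suspect machine. The script parses the ELF program headers itself rather than trusting `file` or `ldd` on the host; `build_test_elf64` and its p_type lists are constructed test data, not real binaries.

```python
import hashlib
import struct

PT_DYNAMIC, PT_INTERP = 2, 3   # program-header types that imply dynamic linking


def elf_is_static(data: bytes) -> bool:
    """True if the ELF image has no PT_INTERP and no PT_DYNAMIC program header,
    i.e. it needs neither the host's dynamic loader nor its shared libraries."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    ei_class, ei_data = data[4], data[5]
    endian = "<" if ei_data == 1 else ">"
    if ei_class == 2:    # ELF64 header: e_phoff at 0x20, e_phentsize/e_phnum at 0x36/0x38
        phoff = struct.unpack_from(endian + "Q", data, 0x20)[0]
        phentsize, phnum = struct.unpack_from(endian + "HH", data, 0x36)
    elif ei_class == 1:  # ELF32 header: e_phoff at 0x1C, e_phentsize/e_phnum at 0x2A/0x2C
        phoff = struct.unpack_from(endian + "I", data, 0x1C)[0]
        phentsize, phnum = struct.unpack_from(endian + "HH", data, 0x2A)
    else:
        raise ValueError("unknown ELF class")
    for i in range(phnum):   # p_type is the first 32-bit field of every program header
        p_type = struct.unpack_from(endian + "I", data, phoff + i * phentsize)[0]
        if p_type in (PT_INTERP, PT_DYNAMIC):
            return False
    return True


def toolkit_manifest(paths):
    """Map each toolkit binary to (is_static, sha256) so the kit can be verified
    before it is burned to CD or copied to a write-protected USB stick."""
    manifest = {}
    for path in paths:
        with open(path, "rb") as fh:
            data = fh.read()
        manifest[path] = (elf_is_static(data), hashlib.sha256(data).hexdigest())
    return manifest


def build_test_elf64(p_types):
    """Constructed test data: a minimal little-endian ELF64 image (not a runnable
    program) whose program headers carry the given p_type values."""
    phentsize, phoff = 56, 64
    hdr = bytearray(64)
    hdr[:4] = b"\x7fELF"
    hdr[4], hdr[5], hdr[6] = 2, 1, 1                  # ELFCLASS64, little-endian, EV_CURRENT
    struct.pack_into("<HHI", hdr, 16, 2, 0x3E, 1)     # ET_EXEC, EM_X86_64, e_version
    struct.pack_into("<Q", hdr, 0x20, phoff)
    struct.pack_into("<HHH", hdr, 0x34, 64, phentsize, len(p_types))
    phdrs = b"".join(struct.pack("<IIQQQQQQ", t, 5, 0, 0, 0, 0, 0, 0x1000) for t in p_types)
    return bytes(hdr) + phdrs
```

Run `toolkit_manifest` over the downloaded static binaries and keep the resulting hashes with the kit; a tool that reports as dynamic does not belong on a trusted response disc.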
Thanks for the replies… I've downloaded the binaries and it looks like I could just put them on a CD or thumb drive. However, as I recall there was a shell script in Helix 1.9a that you could run to automate the process of collecting volatile data, but that doesn't seem to be included with these binaries. Have I overlooked that as well?
And what's preventing e-fense from using DVDs for Helix instead of CDs?
Not all machines have DVDs - Drew wants to aim at the most common platform.
If you wish, you can remaster it on a DVD and add those tools, or put it on a USB stick and add your own tools. You can use uNetbootin to make a bootable USB from the helix iso image. Once you copy it to a USB, you can then add in your own tools or customize the ones that are there.
However, I would recommend using a USB stick with a read/write switch so the drive cannot be infected when used on a suspect's machine. If you can't find a USB stick with a read/write switch, use an SD card (which has a read/write switch) in an SD/USB adapter.
bj
That's pretty cool, thanks bjgleas!
This isn't the only thing they removed, and everything they have is something I actively use it seems.
mt - the version of mt for tape handling has been cut down and most of the important/useful functionality removed.
samba - what if you're on a Windows network and want to mount a Windows share drive to image to? Tuff luck buddy!
Midnight Commander (mc) - I'd be happier if they removed the crappy window manager file manager instead. Such a handy util to lose.
Also, adepto doesn't see RAID controllers, even though Helix actually mounts them read only.
There's plenty more. Useful things removed and replaced with not-so-useful things. I'll make a thread on it one day.
If they wanted people to move to another Forensic CD, they're doing a pretty good job with me.