Helix Live – Forensic analysis of a computer :)

“Download your copy today and save a Windows machine tomorrow.” –zushiba

Helix is a customized distribution of the Knoppix Live Linux CD. Helix is more than just a bootable live CD. You can still boot into a customized Linux environment that includes customized Linux kernels, excellent hardware detection and many applications dedicated to Incident Response and Forensics.

Helix has been modified very carefully to NOT touch the host computer in any way, and it is forensically sound. Helix will not auto-mount swap space or any attached devices. Helix also has a special Windows autorun side for Incident Response and Forensics.
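One way to check the no-auto-mount behaviour on a booted live system, as an added example that is not part of Helix or of the original post: it looks in `/proc/swaps` and `/proc/mounts` for anything belonging to the evidence disk. The device name `/dev/sda`, the function names and the sample data are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not Helix code): confirm that a booted live environment has not
# activated swap on, or mounted any partition of, the evidence disk.

# evidence_swap DISK [SWAPS_FILE]: list active swap areas that live on DISK.
evidence_swap() {
    awk -v d="$1" 'NR > 1 && index($1, d) == 1 { print $1 }' "${2:-/proc/swaps}"
}

# evidence_mounts DISK [MOUNTS_FILE]: list "device mountpoint options" for DISK.
# Read-only mounts are listed too: a read-only mount of a journaled filesystem
# can still replay its journal and so write to the disk.
evidence_mounts() {
    awk -v d="$1" 'index($1, d) == 1 { print $1, $2, $4 }' "${2:-/proc/mounts}"
}

# check_untouched DISK [SWAPS_FILE] [MOUNTS_FILE]: status 0 only when clean.
check_untouched() {
    s=$(evidence_swap "$1" "${2:-/proc/swaps}")
    m=$(evidence_mounts "$1" "${3:-/proc/mounts}")
    if [ -z "$s" ] && [ -z "$m" ]; then
        echo "OK: no swap or mounts on $1"
        return 0
    fi
    [ -z "$s" ] || echo "swap active: $s"
    [ -z "$m" ] || echo "mounted: $m"
    return 1
}

# Constructed sample data in /proc/swaps and /proc/mounts format.
demo=$(mktemp -d)
printf 'Filename\tType\tSize\tUsed\tPriority\n' > "$demo/swaps.clean"
{ cat "$demo/swaps.clean"; printf '/dev/sda2\tpartition\t2097148\t0\t-1\n'; } > "$demo/swaps.dirty"
cat > "$demo/mounts.clean" <<'EOF'
rootfs / rootfs rw 0 0
/dev/hdc /cdrom iso9660 ro 0 0
tmpfs /ramdisk tmpfs rw 0 0
EOF
{ cat "$demo/mounts.clean"; echo '/dev/sda1 /mnt/sda1 ext3 ro 0 0'; } > "$demo/mounts.dirty"

check_untouched /dev/sda "$demo/swaps.clean" "$demo/mounts.clean" || true
check_untouched /dev/sda "$demo/swaps.dirty" "$demo/mounts.dirty" || true
```

Called with only the disk name, `check_untouched` reads the live `/proc/swaps` and `/proc/mounts` of the running system.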

Helix focuses on Incident Response & Forensics tools. It is meant to be used by individuals who have a sound understanding of Incident Response and Forensic techniques. That said, Helix is used by the following organizations for Incident Response/Forensics Training:

  • e-fense: Helix Incident Response & Computer Forensics
  • NW3C: Linux Forensics
  • SANS Track 508: System Forensics, Investigation and Response.
  • InfoSec Institute: Computer Forensics Training
  • SEARCH: Basic Investigators Training

    One Reply to “Helix Live – Forensic analysis of a computer :)”

    1. I am trying to image a drive in a laptop but Helix seems to be unable to detect the internal drive in the Dell Latitude 820. All it sees are the CDROM and USB drives. I need help ASAP. Hopefully someone can answer this.