Helix forensics CD now payware
Oh no! Helix, the most popular compilation of forensics software on a bootable CD, became payware only in February 2009. Now a $15/month subscription is required.
Previously, anyone could download and use the ISO for free, which led to wide adoption… for example, the SANS forensic course uses it, and it was the tool of choice at a Canadian lead security agency where I used it to examine compromised workstations.
The best alternative right now seems to be the relatively new Live CD CAINE.
If your only goal is to obtain a valid disk image, Raptor from Forward Discovery is still free. There are also multiple other live CDs that include The Sleuth Kit and other collections of forensic tools.
(A side note: CAINE, Raptor and most other forensic toolkits still do not sign their downloads with GPG or PGP. The CAINE and Raptor download pages, for example, only provide MD5 checksums to validate the integrity of the files. That’s great for verifying that your download worked, but provides zero assurance that the image on the web server you downloaded from was not tampered with.
Yes, I’ve ranted about this before, but it’s especially relevant for forensic toolkits, where a major goal is to preserve evidence for legal use. That’s not easy when you can’t prove the tools you used to image and examine a drive were not tampered with themselves.)
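The difference described in the side note above, as an added example that is not part of the original post: a checksum stored next to the image follows any change made on the server, while a signature checked against a key obtained separately does not. It uses `openssl` signatures as a stand-in for a GPG detached signature, and the file names and the tiny sample "image" are constructed.

```shell
#!/usr/bin/env bash
# Constructed demo: a stand-in "ISO" published with an MD5 file and a detached signature.
set -u
work=$(mktemp -d)

publish() {  # what a project would do at release time
  printf 'forensic live CD image (constructed sample)\n' > "$work/image.iso"
  # Signing key stays with the maintainer; users get release.pub through a separate channel.
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
    -out "$work/release.key" 2>/dev/null
  openssl pkey -in "$work/release.key" -pubout -out "$work/release.pub"
  openssl dgst -md5 -r "$work/image.iso" | cut -d' ' -f1 > "$work/image.iso.md5"
  openssl dgst -sha256 -sign "$work/release.key" \
    -out "$work/image.iso.sig" "$work/image.iso"
}

simulate_server_change() {  # image and its checksum file are both rewritten on the server
  printf 'modified tool\n' >> "$work/image.iso"
  openssl dgst -md5 -r "$work/image.iso" | cut -d' ' -f1 > "$work/image.iso.md5"
}

check_md5() {  # only compares the file with a value from the same server
  [ "$(openssl dgst -md5 -r "$work/image.iso" | cut -d' ' -f1)" = "$(cat "$work/image.iso.md5")" ]
}

check_signature() {  # compares the file with what the key holder actually signed
  openssl dgst -sha256 -verify "$work/release.pub" \
    -signature "$work/image.iso.sig" "$work/image.iso" >/dev/null 2>&1
}

report() { if "$1"; then echo "$1: pass"; else echo "$1: FAIL"; fi; }

publish
echo "as released:";          report check_md5; report check_signature
simulate_server_change
echo "after server change:";  report check_md5; report check_signature
```

The MD5 check passes in both states; only the signature check fails after the change, which is the property an examiner needs in order to show the imaging tools were the ones released.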
2 Responses to “Helix forensics CD now payware”:
March 20th, 2009 at 8:50 am
I’d like to draw your attention to http://www.forensicbootcd.com. It is the only CD designed from the ground up with forensics in mind. In the interest of full disclosure my company did develop some of the initial tools included on this CD. The CD is not free.
Also, there is an interesting thread on a Yahoo group called linux forensics where it was clear that the Helix folks made no effort to fix blatant, obvious errors in their tools. Worth researching.
Just my 0.02.
April 4th, 2009 at 11:44 pm
While the free version of the original Helix3 from E-fense may no longer be available, a community edition project has released its first beta: http://forum.charlestendell.com. This project aims to maintain a 100% free tool suite designed to combine computer forensics, data recovery & network security into a total incident response toolkit.
Please help support this project.