Helix3 2.0 lançado

A E-Fense lançou ontem a versão 2.0 do seu Live CD Helix3 - uma ótima alternativa open-source para resposta a incidentes e forense computacional "live"..

Nesta versão, o Linux utilizado como base foi o Ubuntu, o que certamente facilitará no processo de atualização das várias ferramentas que compõem a distribuição - listadas abaixo:

Ferramentas Gráficas:

• Adepto & Air - GUI front-ends to dd/dcfldd/sdd
• linen: EnCase Image Acquisition Tool
• Retriever: (picture/video) capturing utility for “quick peeks”, and general searches
  
• Autopsy Forensic Browser - graphical interface to the command line digital investigation analysis tools in The Sleuth Kit
• pyFlag - simplify the process of log file analysis and forensic investigations
• RegViewer - *Nix viewer / navigator for windows registry file
• xhfs - graphical front-end for browsing and copying files on HFS-formatted
  volumes
• Ethereal - allow you to interactively browse network traffic
• ClamAV and F-Prot Anti Virus Scanners
  

Command Line:

• 2hash: MD5 & SHA1 parallel hashing.
• bmap: Detect & Recover data in used slackspace
  
• ChaosReader: Trace tcpdump files and extract data
  
• chkrootkit: Look for rootkits.
• chntpw: Change Windows passwords.
• dcfldd: dd replacement from the DCFL.
• e2recover: Recover deleted files in ext2 file systems.
• f-prot: F-Prot Anti Virus Scanner.
• fatback: Analyze and recover deleted FAT files.
• faust.pl: Analyze elf binaries and bash scripts.
• fenris: debugging, tracing, decompiling.
• foremost: Carve files based on header and footer.
• ftimes: A toolset for forensic data acquisition.
• galleta: Cookie analyzer for Internet Explorer.
• glimpse: Indexing and query system.
• grepmail: Grep through mailboxes.
• logfinder.py: EFF logfinder utility.
• logsh: Log your terminal session
• lshw: Hardware Lister.
• mac-robber: TCT's graverobber written in C.
• md5deep: Recursive md5sum with db lookups.
• outguess : Steganography detection suite.
• pasco: Forensic tool for Internet Explorer Analysis.
• rifiuti: "Recycle BIN" analyzer.
• rkhunter: Rootkit hunter.
• scalpel: Fast File Carver
• sdd: Specialized dd w/better performance.
• sha1deep: Recursive sha1sum with db lookups.
• sha256eep: Recursive sha1sum with db lookups.
• stegdetect: Steganography detection suite.
• wipe: Secure file deletion.

Várias organizações utilizam o Helix como base para treinamentos :

e-fense: Helix Live Forensics

NW3C: Linux Forensics

SANS Track 508: System Forensics, Investigation & Response

InfoSec Institute: Computer Forensics Training

SEARCH: Basic Investigators Training