Helix v2.0 released
aaron posted in Uncategorized on September 30th, 2008
Helix is the definitive computer forensics and incident response live CD distribution, and version 2.0 has just been released. Here is the list of updated features. Among lots of new tools and tool upgrades, one big change is that it is now based on Ubuntu rather than Knoppix. Some other cool new tools that have been added to Helix are winlockpwn, which bypasses Windows authentication via FireWire DMA; Volatility, which parses processes, network information and many other things out of raw memory; and something else cool from metlstorm, bioskbsnarf, which parses the real-mode keyboard buffer out of the BIOS data area. It looks like a couple of the newer memory dumping utilities for Windows have also been added to the Windows live portion of the distro.
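To show what "parsing the real-mode keyboard buffer out of the BIOS data area" actually involves, here is an added example (my own code, not bioskbsnarf and not part of the Helix distribution). It relies only on the documented BDA layout at physical 0x400: the INT 16h ring buffer of 16 two-byte (ASCII, scan code) entries at offsets 0x1E-0x3D, with head/tail pointers at 0x1A/0x1C and start/end pointers at 0x80/0x82. The trick these tools exploit is that the BIOS never wipes consumed entries, so keystrokes typed at a BIOS or pre-boot password prompt can still be sitting there. The memory image below is constructed inline; on a real system you would read the first 0x500 bytes of /dev/mem (if the kernel allows it) or of a raw RAM dump.

```python
import struct

# Real-mode BIOS Data Area (BDA) lives at physical 0x400 (segment 0x40).
# All keyboard-buffer pointers are stored as offsets relative to segment 0x40.
BDA_BASE = 0x400
KB_HEAD_PTR = 0x1A    # next entry INT 16h will hand to the caller
KB_TAIL_PTR = 0x1C    # next entry the IRQ1 handler will write
KB_BUF_START = 0x80   # ring buffer start offset (normally 0x1E)
KB_BUF_END = 0x82     # ring buffer end offset, exclusive (normally 0x3E)
KB_DEFAULT_START, KB_DEFAULT_END = 0x1E, 0x3E


def parse_bios_keyboard_buffer(mem: bytes):
    """Recover stale keystrokes from a dump of low physical memory.

    mem must cover physical 0x000-0x4FF. Returns (keys, text): keys is a list
    of (scan_code, ascii) tuples, oldest first, with empty (0x0000) slots
    skipped; text is the ASCII bytes joined into a str.
    """
    if len(mem) < 0x500:
        raise ValueError("need at least 0x500 bytes of low memory")
    head = struct.unpack_from("<H", mem, BDA_BASE + KB_HEAD_PTR)[0]
    tail = struct.unpack_from("<H", mem, BDA_BASE + KB_TAIL_PTR)[0]
    start = struct.unpack_from("<H", mem, BDA_BASE + KB_BUF_START)[0]
    end = struct.unpack_from("<H", mem, BDA_BASE + KB_BUF_END)[0]
    # Fall back to the classic 32-byte ring if the extended pointers are unset.
    if not (0x1E <= start < end <= 0xFF):
        start, end = KB_DEFAULT_START, KB_DEFAULT_END
    size = end - start
    if not (start <= tail < end):
        tail = start  # corrupt tail: just walk the ring from its start

    keys = []
    # Walk the whole ring, not just head..tail: the oldest data sits right
    # after the tail pointer, and consumed entries are never cleared.
    for i in range(size // 2):
        off = tail + 2 * i
        while off >= end:
            off -= size
        ascii_byte, scan = mem[BDA_BASE + off], mem[BDA_BASE + off + 1]
        if ascii_byte == 0 and scan == 0:
            continue
        keys.append((scan, ascii_byte))
    text = bytes(a for _, a in keys).decode("latin-1")
    return keys, text


def build_sample_dump() -> bytes:
    """Constructed low-memory image: the user typed 'secret<Enter>' at a
    BIOS prompt and INT 16h has already consumed every key (head == tail),
    so nothing is 'pending' but the bytes are still in the ring."""
    mem = bytearray(0x500)
    typed = [(0x1F, b"s"), (0x12, b"e"), (0x2E, b"c"), (0x13, b"r"),
             (0x12, b"e"), (0x14, b"t"), (0x1C, b"\r")]  # (scan, ascii)
    struct.pack_into("<H", mem, BDA_BASE + KB_BUF_START, KB_DEFAULT_START)
    struct.pack_into("<H", mem, BDA_BASE + KB_BUF_END, KB_DEFAULT_END)
    for i, (scan, ch) in enumerate(typed):
        off = BDA_BASE + KB_DEFAULT_START + 2 * i
        mem[off], mem[off + 1] = ch[0], scan
    consumed = KB_DEFAULT_START + 2 * len(typed)
    struct.pack_into("<H", mem, BDA_BASE + KB_HEAD_PTR, consumed)
    struct.pack_into("<H", mem, BDA_BASE + KB_TAIL_PTR, consumed)
    return bytes(mem)


if __name__ == "__main__":
    keys, text = parse_bios_keyboard_buffer(build_sample_dump())
    for scan, a in keys:
        print(f"scan=0x{scan:02X} ascii=0x{a:02X} {chr(a)!r}")
    print("recovered:", repr(text))
```

Two caveats a responder should keep in mind: the buffer only sees keys that went through the BIOS (INT 16h/IRQ1), so nothing typed after a protected-mode OS takes over the keyboard lands here, and on machines with extended BIOS keyboard buffers the start/end pointers at 0x480/0x482 may relocate the ring, which is why the parser reads them instead of assuming 0x1E-0x3D.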
The only bad thing that I’ve noticed is that the static binaries (important for incident response) are no longer distributed directly on the CD, but at least they are still available for download. Maybe they (or someone else) will put together a DVD that includes these.
I was told a while before the release came out that it was no longer going to be free, so I’m pretty glad to see this release is public and still free. That being said, it’s a worthwhile project to contribute to, so I’d suggest buying a pressed CD to help them out. If not, happy downloading.
PS — And yes, it is v2.0 that has been released, despite them calling the distribution “Helix 3” for some slightly confusing reason.