Home
  CD Contents
  Downloads
  Training
  Changelog
  Forums
  Links
  FAQ
  Documents
  Screenshots
Current Release:
..:: Helix 1.9a (07-13-2007) ::..

MD5 Hash
..:: Helix Store ::..
Support Helix Development

Professional Pressed CD
Professional Pressed CD & Manual
Professional Pressed CD, Manual & T-Shirt

07-13-07
The newest version of Helix has been released. See the changelog.

03-19-07
The live forensics & incident response course has had a price change due to the course being updated. It has also been changed to an intermediate level course. A new advanced course is in active development as is a covert course.

10-06-06
The newest version of Helix has been released. See the changelog.

09-18-06
A new version of Helix will be released on Oct 6, 2006. This version will have many improvements and updated programs. Two of the biggest changes are the addidtion of NTFS-3G for NTFS writes and the fixing of the mount code to prevevent changing the mount count on journaled filesystems.

03-07-06
A new version of Helix has been released to the mirrors for your testing and use. Please report any problems/bugs/suggestions on the Helix forums.


03-01-06
Drew Fahey will be presenting Helix at the Innovations in Digital Forensic Practice conference in Washington DC, on March 27, 2006....


02-21-06
The next version of Helix will be released now on March 7, 2006. Also there is new Helix merchandise available on cafepress . A new Helix quote contest has started...see the forums for details.


02-08-06
Updated the web site to refelect the new Helix 3 day training .


02-06-06
Fixed download page for all you IE users. Also new version will be released on Feb 20, 2006. See the changelog for updates.


01-07-06
Helix Featured on CyberSpeak Podcast


12-30-05
Helix Featured in Information Security Magazine
Helix is not perfect by any means. So this log will be an ongoing listing of the changes, additions, fixes to the Helix Live CD.



Incident Response / Forensics Tools:

  • sleuthkit : Brian Carrier's replacement to TCT.
  • autopsy : Web front-end to sleuthkit.
  • mac-robber : TCT's graverobber written in C.
  • fenris : debugging, tracing, decompiling.
  • wipe : Secure file deletion.
  • MAC_Grab : e-fense MAC time utility.
  • AIR : Steve Gibson Forensic Acquisition Utility.
  • foremost : Carve files based on header and footer.
  • fatback : Analyze and recover deleted FAT files.
  • md5deep : Recursive md5sum with db lookups.
  • sha15deep : Recursive sha1sum with db lookups.
  • dcfldd : dd replacement from the DCFL.
  • sdd : Specialized dd w/better preformance.
  • PyFLAG : Forensic and Log Analysis GUI.
  • Faust : Analyze elf binaries and bash scripts.
  • e2recover : Recover deleted files in ext2 file systems.
  • Pasco : Forensic tool for Internet Explorer Analysis.
  • Galleta : Cookie analyzer for Internet Explorer.
  • Rifiuti : "Recycle BIN" analyzer.
  • Bmap : Detect & Recover data in used slackspace.
  • Ftimes : A toolset for forensic data acquisition.
  • chkrootkit : Look for rootkits.
  • rkhunter : Rootkit hunter.
  • ChaosReader : Trace tcpdump files and extract data.
  • lshw : Hardware Lister.
  • logsh : Log your terminal session (Borrowed from FIRE).
  • ClamAV : ClamAV Anti Virus Scanner.
  • F-Prot : F-Prot Anti Virus Scanner.
  • 2 Hash : MD5 & SHA1 parallel hashing.
  • glimpse : Indexing and query system.
  • Outguess : Stego detection suite.
  • Stegdetect : Stego detection suite.
  • Regviewer : Windows Registry viewer.
  • Chntpw : Change Windows passwords.
  • Grepmail : Grep through mailboxes.
  • logfinder : EFF logfinder utility.
  • linen : EnCase Image Acquisition Tool.
  • Retriever : Find pics/movies/docs/web-mail.
  • Scalpel : Carve files based on header and footer.

    		•
    Copyright © 2005 e-fense.com. All rights reserved.