Forensics

Helix – http://www.e-fense.com/helix/ Computer Forensics a topic that I have tended to avoid discussing because there are so many definitions of what this encompasses.  But if you have a computer that you suspect as being infested with viruses and malware, this is the tool you need.  If you have a departed employee and you want to see what information they might have passed on to others before their departure, this is the tool you need.  If you need to make a forensic image of a hard drive for legal purposes, this is the tool you need.  Helix provides a Linux OS that keeps your Windows drives locked down so that nothing is compromised on the system.  If you were to take a hard drive out of a computer and place it in a Windows based machine for forensics, Windows would automatically overwrite some of the space on the drive thus corrupting the integrity of your forensic investigation.  You could buy hardware solutions that prevent writing to the device, but why bother when Helix provides that protection and it is free?When you make a forensic image of a drive, Helix not only makes a copy of all data that you can see, it makes a copy of all data that you can NOT see.  It creates a bit-by-bit exact copy of any media.  And the images can be split so that they can be permanently stored on CD or DVD media.  You can even perform a disk to disk copy so that the two drives become identical in every way.

Helix also provides the tools necessary for analyzing your forensic images.  It uses the latest technologies for record keeping and accessing files so that you can recover that information which you thought lost or inaccessible.  No security arsenal would be complete without it. 

Knoppix-STD – http://s-t-d.org/ Known throughout the community as a hacker distribution, Knoppix-STD comes with some baggage.  It provides tools for password cracking, WEP decryption, network intrusion and a plethora of other things that people normally tend to view as bad.  But every tool has its use.  Knoppix-STD provides a way to not only break into things, it is an excellent tool for analyzing your network to see what vulnerabilities might exist.  It helps point you in the right direction so that you can better secure your infrastructure and protect against the next person who comes along with such a powerful tool. 

Discuss this article on the forums. (0 posts)