Helix 3 is a collection of forensic tools used for incident response and electronic discovery on devices. It allows users to view system information, acquire live images of memory, perform hashing of files, browse files and folders, and scan for images on a system. Some key capabilities include previewing processes, taking memory captures, using incident response tools like FRU and Nigilant32, and generating hashes of files. The tools are downloaded from the e-fense website and can analyze a system live or from a disk image.
What is the Helix tool?
• A collection of forensic tools used to provide incident response and perform electronic discovery on a device.
• It has three main variants: Helix 3, Helix 3 Enterprise and Helix 3 Pro, the latter two developed later by e-fense.

Need for Helix 3
• Our every action leaves behind a digital footprint, encrypted or hidden, which we often ignore but which a hacker can use to exploit us; these footprints are our vulnerability.
• For example, deleted files can be recovered because they are not truly deleted but only waiting for their space to be reassigned, and our photos often contain our GPS location, which can be used against our privacy.

Installation
• Go to http://www.e-fense.com/products.php
• Download the original free version of Helix 3.
• If it is an ISO file, mount it virtually to access the Helix 3 application.
• Otherwise you can run it directly.

List of options
• Preview system information
• Acquire a live image using dd
• Incident response tools
• Browse contents of the CD-ROM
• Scan for pictures on the live system
• Take investigative notes

Preview system information
• Here you can view two pages.
• The first shows owner and network information along with the types of drives present and their storage capacities.
• The second lists all the processes running in the background.

Live acquisition
• It has the ability to capture an image directly of the physical memory of this system. Here we can choose a location: we set up a destination to write out our dd raw image locally or across the network, for example to an external hard drive if one is plugged in.
• Save the acquired image as dd, because we are using FTK Imager, and dd raw images are always the best to use.

Incident response
• This option provides various tools spread over three pages:
1. Primary operations (page 1)
2. File hashing operations (page 2)
3. Other system operations (page 3)

Primary operations
1. Windows Forensic Tool Chest (WFTC) – used to help look for signs of an incident, intrusion, computer misuse or misconfiguration, producing HTML-based reports in a forensically sound manner.
2. First Responder Utility (FRU)
3. Incident Response Collection Report (IRCR2) – a script-based incident response tool.
4. Agile Risk Management's Nigilant32 – an incident response tool designed to capture as much information as possible from a running system with the smallest potential impact.

File hashing operations
• Here you can get your files MD5 hashed.
• Some other operations on this page:
1. PuTTY SSH – used to start a PuTTY SSH client
2. PC on/off time – used to find the on and off times
3. File recovery – a data recovery tool
4. VNC server – used to start a VNC listener
5. WinAudit – used to run the WinAudit utility
6. RootkitRevealer – finds system discrepancies that may indicate a rootkit

Other system operations
• Here we get the PST password viewer, mail password viewer, network password viewer, messenger and other password viewers, and we can browse the Internet Explorer history and use the Mozilla Firefox cookie viewer and the registry viewer. Together these let us build an in-depth profile of where the user has visited, what passwords they were using and what devices were attached.

Browse contents
• This is just a basic file browser; it lets us go through and see which files are in which directory on the laptop, including sub-directories.
• At the bottom you can tick a checkbox to calculate the MD5 hash of files; it then generates the hash automatically each time.

Image scanner
• This feature scans all the images that can be fetched from the loaded location. The images are pulled from the live system, and this process may take some time.

THANK YOU
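The slides above rely on two things Helix 3 does for the examiner: writing a dd raw image and calculating MD5 hashes of files. The following is an added Python example, not code from Helix 3 or e-fense, showing how those hashes are used in practice: it builds a hash manifest of an evidence directory (here a constructed temporary tree with a stand-in raw image), then re-hashes the tree later and reports which files were modified, removed or added. It computes SHA-256 alongside MD5 because MD5 collisions are practical and a second independent digest is the usual defensive addition. All paths, file names and sample bytes are constructed for the demonstration.

```python
import hashlib
import io
import tempfile
from pathlib import Path

CHUNK = 1024 * 1024  # read in 1 MiB chunks so a multi-GB dd image does not fill RAM
ALGORITHMS = ("md5", "sha256")  # MD5 as Helix reports it, SHA-256 as a second check


def hash_stream(fh, algorithms=ALGORITHMS):
    """Return {algorithm: hexdigest} for a binary file-like object, streamed."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    while True:
        block = fh.read(CHUNK)
        if not block:
            break
        for h in hashers.values():
            h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_bytes(data, algorithms=ALGORITHMS):
    """Convenience wrapper: hash an in-memory bytes object the same way."""
    return hash_stream(io.BytesIO(data), algorithms)


def hash_file(path, algorithms=ALGORITHMS):
    """Hash one file on disk (a dd image, a document, anything) in chunks."""
    with open(path, "rb") as fh:
        return hash_stream(fh, algorithms)


def build_manifest(root):
    """Walk a directory tree and hash every regular file, like Helix's
    'calculate MD5 hash on files' checkbox but for the whole tree.
    Returns {relative_posix_path: {algorithm: hexdigest}}."""
    root = Path(root)
    manifest = {}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        manifest[path.relative_to(root).as_posix()] = hash_file(path)
    return manifest


def verify_manifest(root, manifest):
    """Re-hash the tree and report drift since the manifest was recorded.
    Returns (modified, missing, added) as sorted lists of relative paths."""
    current = build_manifest(root)
    modified = sorted(p for p in manifest if p in current and current[p] != manifest[p])
    missing = sorted(p for p in manifest if p not in current)
    added = sorted(p for p in current if p not in manifest)
    return modified, missing, added


def demo():
    """Constructed scenario: hash an evidence tree, alter one file, re-verify.
    Returns the (modified, missing, added) tuple from verify_manifest."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "evidence").mkdir()
        notes = root / "evidence" / "notes.txt"
        notes.write_bytes(b"case 0001 constructed sample\n")
        # stand-in for an acquired raw image; 4 KiB of zeros, not a real capture
        (root / "evidence" / "memory.dd").write_bytes(b"\x00" * 4096)
        recorded = build_manifest(root)
        notes.write_bytes(b"case 0001 TAMPERED\n")  # simulate post-acquisition change
        return verify_manifest(root, recorded)


if __name__ == "__main__":
    modified, missing, added = demo()
    print("modified:", modified, "missing:", missing, "added:", added)
```

Running the script prints the single tampered file as modified and nothing missing or added. Keeping the manifest on separate, write-protected media from the evidence is what makes a later re-verification meaningful; a manifest stored next to the files it describes can be altered together with them.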