Forensic tool testing

I finally found some time to start testing forensic tools, and the first thing coming to mind would be to download Helix and just dive into it. So off to the e-fense website I go, only to be greeted by the fact that Helix is now no longer free :( A previous version is still available for download here, but newer versions are to be purchased from now on.

Oh what to do, what to do without Helix! No worries: however great Helix was, some other forensic LiveCDs exist that might be worth a try.

To begin with, there's the FCCU GNU/Linux Forensic Boot CD, created by the Belgian Federal Computer Crime Unit (FCCU). For some reason, Autopsy always seemed to work better for me on this LiveCD than it did on Helix, but then again I probably just did something wrong :) It contains a whole lot of apps that were also available on Helix, plus a bunch of scripts written by the FCCU themselves.

Probably the best alternatives would be DEFT Linux and Farmer's Boot CD. I haven't tried either one of them yet myself, but both look very nice.

Some more exist, such as Penguin Sleuth, FIRE and Snarl, but they don't seem to be updated anymore.

One could also turn to BackTrack, STD or nUbuntu. Even though these are intended to be for penetration testers, they do have a small variety of forensic tools as well.

I guess there's plenty of forensic tool testing waiting for me!

About me

  • I'm An Hilven