New Helix version released

A new version of Helix (an Incident Response & Computer Forensics Live CD based on Knoppix) has been released. Version 1.8 now includes Andreas Schuster’s PTFinder and will no longer change JFS information. You can download Helix here.
All new features at a glance:

Linux Side:
- Fixed Helix Mount code for journaled file systems. Helix will NO longer change the journal mount count when you mount a journaled file system.
- Updated md5deep suite to 1.12
- Updated Clamav to 0.88.2
- Updated Sleuthkit to 2.06
- Updated Autopsy to 2.08
- Updated Foremost to 1.3
- Updated Scalpel 1.54 to carve data
- Updated EnCase Linen to 5.05f
- Updated Adepto 2.0 – With AFF support now
- Added endeavour2 file manager
- Added ssdeep 1.0 for fuzzy hashing
- Added AFFlib 1.6.31 for image acquisition
- Added NTFS-3G for native NTFS write support
- Added libewf library
- Added ptfinder memory analysis code from Andreas Schuster
- Removed Solaris static binaries from CD
- Replaced evince with xpdf

Windows Side:
- Updated the Helix executable code
- Updated code for command shell paths
- Updated all Cygwin tools to latest
- Updated all unxutil tools
- Updated Static Binaries (linux)
- Updated MessenPass to v1.08
- Updated Mail PassView to v1.36
- Updated Protected Storage PassView to v1.63
- Updated Network Password Recovery to v1.03
- Updated IECookiesView to v1.70
- Updated IEHistoryView to v1.32
- Updated RegScanner to v1.30
- Updated FTK Imager to 1.5.1
- Updated Forensic Server Project to 1.0
- Updated PsTools Version to 2.34 (Psexec, psinfo, pslist, etc)
- Updated Process Explorer to 10.2
- Added PstPassword v1.00
- Added Access PassView 1.12
- Added PC On/Off Time
- Added Winaudit v2.15
- Added Drive Manager v3.23
- Added ReSysInfo v2.1
- Added Icon to start a NC listener
- Added code to Windows GUI for investigative notes


One Response to “New Helix version released”

  1. Alexander Geschonneck

    We just discovered that the pcat binary is gone from the non-bootable side of Helix 1.8. I’ll check that with the e-fense guys.
