Saturday, February 14, 2009

Helix3: Thanks for the memories…

Buried in the reams of RSS feeds this week was this disturbing gem.

What?

Why would someone need to replace Helix?  It’s been arguably the best free LiveCD tool for doing “forensics” work on a system that I have had the chance to work with!

I did a bit  more searching and found the answer:

The developers of Helix3 have decided to support their work by going to a commercial business model.

Then next generation of Helix3 “Pro” will be copyrighted and available via subscription only.

They have some various news about the new product they will be soon offering.

BTW – Helix3 isn’t a version. The “3” references the three “modes” of Helix: Incident Response, Electronic Discovery, and Forensics.  The last “free” version appears to be (2008R1) by my accounting.  According to e-fense, the latest current version (for subscribers) is Helix3 2009R1.

I’ve got no beef with this decision.  They’ve done considerable work getting this thing going and out the door for so long.  Best wishes for them to earn some green from their efforts.

In addition to offering training sessions and various security-related services, they will also be bringing out three new/improved products:

I’m just sad to see it no longer be freely available.

Where do we go from here?

Fortunately, the void left by Helix3 doesn’t seem to be open for long.

There are some new and improved offerings of LiveCD based forensic tools in the pipes.

Replacing Helix – SecuraBit – The SecuraBit team is working with the SUMO Linux (5 builds in one: Backtrack 3, Helix 2.0, Samurai Linux, DBAN, DVL) developer to make a replacement for Helix that combines the very best of all the free forensics tools out there.  Can’t wait to see what this one will deliver!

Helix3 (free) – The last free version of Helix.  Now fully requires contact info for direct-download of distro file.

SUMO Linux – mentioned before, this LiveDVD made by Marcus J. Carey and Sun Tzu Data packages four security and forensics related distributions into a single disk.

DEFT Linux – Until SecuraBit’s distro comes out, this is where my money is being placed at the moment.  Right now the DEFT team has released version 4 of their Xubuntu based LiveCD for forensics work.  There is a version 4.1 beta there, as well as word that version 4.2 is coming soon.  DEFT version 5 might see release at the end of 2009.  Also available are builds for a USB device install (bootable).  All these DEFT versions also come with Windows forensics tool bags.  Cool.  I plan to do some downloading of these latest USB and beta versions next week.  I’ll let  you know what I “discover”.

Thanks for the memories. and I guess I had better make sure my current Helix ISO files are kept safe for the future.

--Claus V.

5 comments:

ctendell said...

Helix3 CE (community edition) Will be available mid April. Some of the updates to the cd will be removing some of the unnecessary applications, upgrading the TSK, adding support for e01 and other images pre compiled & more.

Please show your support by going to http://forums.charlestendell.com

Claus said...

@ ctendell - thank you for starting this new project. I wish you and the development team best regards for your efforts.

Here is a hotlink to your Helix3 CE forum. The link in your comment appeared to have a typo.

HelixCE Community Edition

Anonymous said...

I've been using CAINE for forensics for about 2 months now and can do everything I was doing with HELIX3 just as easy if not easier.

ctendell said...

Thank you for your support. HelixCE beta RC1 was released today.
http://forum.charlestendell.com/viewtopic.php?f=3&t=17

Lauren said...

e-fense has listened to the Computer forensics community and are now providing Helix3 2009R1 FREE. Helix3 Pro, the newest product from e-fense is available through a subscription to the e-fense forum.

Helix3 Pro is different from Helix3! Helix3 Pro version has a Live (MAC, Windows & Linux) and bootable side for any x86 system.

www.e-fense.com