Helix For Linux

Helix is a customized distribution of the Knoppix Live Linux CD. Helix is more than just a bootable live CD.

With Helix you can still boot into a customized Linux environment that includes customized linux kernels, excellent hardware detection and many applications dedicated to Incident Response and Forensics.

Helix has been modified very carefully to NOT touch the host computer in any way and it is forensically sound. Helix wil not auto mount swap space, or auto mount any attached devices. Helix also has a special Windows autorun side for Incident Response and Forensics.

Helix focuses on Incident Response & Forensics tools. It is meant to be used by individuals who have a sound understanding of Incident Response and Forensic techniques.

Here are some key features of "Helix":

� sleuthkit 1.73 : Brian Carrier's replacement to TCT. � autopsy 2.03 : Web front-end to sleuthkit. � mac-robber 1.0 : TCT's graverobber written in C. � fenris .07 : debugging, tracing, decompiling. � wipe 0.20-1 : Secure file deletion. � MAC_Grab : e-fense MAC time utility. � GRAB 1.2.2 : e-fense Forensic Acquisition Utility. � foremost 0.69 : Carve files based on header and footer. � fatback 1.3 : Analyze and recover deleted FAT files. � md5deep 1.2 : Recursive md5sum with db lookups. � sha15deep 1.2 : Recursive sha1sum with db lookups. � dcfldd 1.0 : dd replacement from the DCFL. � sdd 1.31-3 : Specialized dd w/better preformance. � PyFLAG 0.74 : Forensic and Log Analysis GUI. � Faust 1.13 : Analyze elf binaries and bash scripts. � e2recover 1.0 : Recover deleted files in ext2 file systems. � Pasco 1.0 : Forensic tool for Internet Explorer Analysis. � Galleta 1.0 : Cookie analyzer for Internet Explorer. � Rifiuti 1.0 : "Recycle BIN" analyzer. � Bmap 1.0.20 : Detect & Recover data in used slackspace. � Ftimes 3.4.0 : A toolset for forensic data acquisition. � chkrootkit 0.44-2 : Look for rootkits. � rkhunter 1.2.0 : Rootkit hunter. � ChaosReader 0.94 : Trace tcpdump files and extract data. � lshw A.01.07 : Hardware Lister. � logsh : Log your terminal session (Borrowed from FIRE). � ClamAV 0.80.1 : ClamAV Anti Virus Scanner. � F-Prot : F-Prot Anti Virus Scanner. � 2 Hash 0.2 : MD5 & SHA1 parallel hashing. � glimpse 4.18.0 : Indexing and query system. � Outguess 0.2-5 : Stego detection suite. � Stegdetect 0.5-6 : Stego detection suite. � Regviewer : Windows Registry viewer. � Chntpw : Change Windows passwords. � Grepmail 5.3030 : Grep through mailboxes. � logfinder 0.1 : EFF logfinder utility. � Retriever 1.0 : Find pics/movies/docs/web-mail.

� LinNeighboorhood 0.6.5-3 : Linux network neighborhood. � ntop 3.0-3 : Network top, protocol analyzer. � iptraf 2.7.0-5 : Network monitor. � arping 2.01-3 : Ping hosts by MAC. � arpwatch 2.1a13-1 : Another arp tool. � macchanger 1.4.0-1 : Change MAC addr. � mtr 0.58-1 : X11 traceroute. � samba 3.0.5-1 : File and print services.

� sshd 3.8p1 : Secure encrypted communications. � vnc 3.3.7-1 : Virtual Network Computing. � freenx : SSH based Virtual Network Computing. � netcat 1.10 : Read and write data across network. � cryptcat 1.10 : Encrypted netcat.

� ethereal 0.10.6-1 : Network traffic analyzer. � ettercap 0.7.0-1 : Sniff on a switched network and more. � ngrep 1.42-1 : Network grep. � tcpdump 3.8.3-3 : The network dump program. � tcpreplay 2.2.2-1 : Replay tcpdump or snoop captures. � dsniff 2.4b1-6 : Doug Songs wonderful sniffing utilities. � ipgrab 0.9.9-1 : Pen Register, only gets TCP Header. � TcpTrack 1.1.3-1 : Sniffer for TCP connections. � Sguil 0.5.3 : Sguil Client.

� nessus 2.0.10a-6 : Vulnerability scanner. � nasl : Command line to nessus. � nmap 3.55-1 : Network port mapper. � hping2 2.rc3-3 : Port scanner, host enumerator, etc.

� aircrack 1.4 : Better WEP crack than Airsnort. � airsnort 0.2.4a-1 : WLAN Sniffer, crack WEP. � airtraf 1.1 : Another wireless locator tool. � kismet 2004.04.R1-5 : The best 802.11x monitoring tool. � kismet log viewer 0.9.7 : Log management program. � macchanger 1.5.0-1 : Change your MAC address. � gpsd 2.09-1 : GPS Daemon. � Misc : Other wireless information.