Current Release:
..:: Helix 1.9a (07-13-2007) ::..


07-13-07
The newest version of Helix has been released. See the changelog.

03-19-07
The live forensics & incident response course has had a price change due to the course being updated. It has also been changed to an intermediate level course. A new advanced course is in active development as is a covert course.

10-06-06
The newest version of Helix has been released. See the changelog.

09-18-06
A new version of Helix will be released on Oct 6, 2006. This version will have many improvements and updated programs. Two of the biggest changes are the addition of NTFS-3G for NTFS writes and the fixing of the mount code to prevent changing the mount count on journaled filesystems.

03-07-06
A new version of Helix has been released to the mirrors for your testing and use. Please report any problems/bugs/suggestions on the Helix forums.


03-01-06
Drew Fahey will be presenting Helix at the Innovations in Digital Forensic Practice conference in Washington DC, on March 27, 2006....


02-21-06
The next version of Helix will now be released on March 7, 2006. Also, there is new Helix merchandise available on CafePress. A new Helix quote contest has started; see the forums for details.


02-08-06
Updated the web site to reflect the new Helix 3 day training.


02-06-06
Fixed download page for all you IE users. Also, a new version will be released on Feb 20, 2006. See the changelog for updates.


01-07-06
Helix Featured on CyberSpeak Podcast


12-30-05
Helix Featured in Information Security Magazine

Helix now has its own dedicated 3 day training course. Below are the details.

Click this link to sign up:
Helix Training Signup







E103: Live Forensics & Incident Response (Helix™)
Intermediate Level Course 3-Day Syllabus
_____________________________________________________

This course provides students with the knowledge and skills necessary to begin a computer based investigation. Using common and accepted Incident Response Policies and Procedures for previewing, securing and preserving digital evidence at a network crime scene, students will get a strong understanding of how best practice procedures will enable "acquisition" of digital content in an accepted and proven format.

A strong emphasis will be on the use of Helix, an e-fense developed incident response and forensics tool. Students will learn how to forensically acquire volatile data, and make court accepted forensics backups.

This hands-on, intensive course is intended for first responders, computer forensics investigators, and anyone performing activities that have the potential to require seizing digital media and managing an Incident Response initiative.

Cost for this course:
Corporate - $1895.00
Law Enforcement - $1395.00


DAY 1:

1. Primer
    Brief understanding of network basics
    Brief re-education on the command line

2. What is Helix
    Understanding what Helix is
    Helix CD interaction within a Live Environment
    Helix tools for incident response and acquisition

3. Understanding volatile data
    What is considered evidence
    Determining the steps and process to preserve evidentiary integrity
    Learning what comprises volatile data and how to view it
    Hands on exercises

4. Obtaining volatile data
    How to collect volatile data
    Using specific tool sets to collect volatile data
    Chain of custody and relevant issues
    Hands on exercises


DAY 2:

5. Storing volatile data
    Using the power of a network to store your data
    Using attached devices
    Options for storage
    Hands on exercises

6. Bootable Helix
    Helix boot process
    Learning about devices
    Problem and issue solving
    Hands on exercises

7. Helix navigation
    File system Structure and file systems
    Command shell and common commands
    Working with files and directories / permissions
    Mounting devices
    Hands on exercises

8. Traditional acquisitions
    Understanding partitions and drives in Helix
    Making a forensic image using dd
    Playing with Adepto
    Using EnCase Linen
    HPAs and DCOs
    Hands on exercises



DAY 3:

9. Previewing and Other Tricks
    Using Retriever to locate files
    Understanding the Helix filemanager
    Using the loopback filesystem
    Using CDFS / CHNTPW / Anti-Virus
    Hands on exercises

10. Imaging the Live OS
    Acquiring the live OS over a network
    Issues with acquiring the live OS
    Operating Systems other than Windows

11. All about RAIDS
    Understanding RAID levels
    Large corporate systems
    Handling dynamic disks and RAIDS

12. Advanced Information
    Problematic Live systems
    Locked Systems
    Large servers

Practical Exam
Copyright © 2005 e-fense.com. All rights reserved.