Advice to Beginners
Helix is a very powerful tool. But with great power comes great responsibility, and as a prospective forensic investigator it is your responsibility to learn how to use this tool properly. Before you examine any system, make sure you have permission to examine it. Know the legal requirements for the collection, documentation and preservation of digital evidence, and know how to use the tools. Simple mistakes made with good intentions can completely destroy digital evidence. Aspiring investigators are strongly advised to study digital forensics and to practise on controlled systems before attempting to collect evidence from a real one.
Prepare Destination Media
The destination media is the hard disk that will hold the output of the forensic acquisition: the image files together with their hashes and logs. Before acquisition begins, the following requirements must be met to ensure a successful and forensically sound acquisition.
1. The destination media must have at least as much storage capacity as the source media. A raw image is the size of the source device regardless of how much data the device actually holds, and the destination must also have room for hash and log files. An external hard disk of 1 TB or more is recommended.
2. The destination must be wiped and verified forensically clean (every sector overwritten, with the verification recorded) in accordance with the forensic lab's standard operating procedures.
3. If the destination media will hold evidence files, it must be partitioned and formatted with a file system that can be read on any examination platform (FAT32 is recommended). Note that FAT32 cannot store a single file of 4 GiB or larger, so a raw image of a bigger source must be written as split segments.
4. Never save any file on the suspect system's own storage media. Always write all acquisition files to the external hard disk.
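The four steps above, worked through as a shell script. This is an added example, not Helix's own code or the output of its imaging tools: it exercises the checklist on plain files so it runs without root or physical disks. It assumes /dev/zero and /dev/urandom exist and that sha256sum or shasum is installed; the "suspect drive" and "external disk" are constructed files, and the 1 MiB segment size stands in for the FAT32 per-file limit. On real media the file paths become block devices, the source is read through a write blocker, and capacity is taken from the device rather than from wc.

```shell
#!/bin/sh
# Added example (not Helix's own code): the destination-media checklist,
# exercised on plain files so it runs without root or physical disks.
# Assumptions: /dev/zero and /dev/urandom exist; sha256sum or shasum is
# installed. On real media the file paths become block devices (/dev/sdX),
# the source is attached through a write blocker, and the segment size is
# the FAT32 per-file limit (4294967295 bytes) rather than the 1 MiB used here.
set -eu

# SHA-256 of stdin, printed as a bare hex digest.
hash_stream() {
    if command -v sha256sum >/dev/null 2>&1; then sha256sum; else shasum -a 256; fi |
        cut -d' ' -f1
}

hash_file() { hash_stream < "$1"; }

# Step 1: a raw image is as large as the source device, used space or not,
# so the destination must be at least that size. (For block devices use
# blockdev --getsize64 instead of wc -c.)
capacity_ok() {
    src_bytes=$(wc -c < "$1" | tr -d ' ')
    dst_bytes=$(wc -c < "$2" | tr -d ' ')
    [ "$dst_bytes" -ge "$src_bytes" ]
}

# Step 2: wipe the destination with zeros. $2 is its size in MiB.
wipe_destination() {
    dd if=/dev/zero of="$1" bs=1048576 count="$2" 2>/dev/null
}

# Step 2 check: "clean" if no non-zero byte remains on the destination,
# "dirty" otherwise. Record this result before the media is used.
verify_wiped() {
    if [ "$(tr -d '\000' < "$1" | wc -c | tr -d ' ')" -eq 0 ]; then
        echo clean
    else
        echo dirty
    fi
}

# Steps 3 and 4: read the source once, write it to the external destination
# as lettered segments of at most $3 bytes (FAT32 cannot hold a single file
# of 4 GiB or more), and record the source hash beside them. Prints the hash.
acquire_split() {
    src="$1"; outdir="$2"; chunk="$3"
    mkdir -p "$outdir"
    split -b "$chunk" -a 3 "$src" "$outdir/image.raw."
    src_hash=$(hash_file "$src")
    printf '%s  %s\n' "$src_hash" "$(basename "$src")" > "$outdir/image.sha256"
    echo "$src_hash"
}

# Reassemble the segments in suffix order and compare with the recorded
# hash; "ok" means the image on the destination matches what was read.
verify_acquisition() {
    outdir="$1"
    recorded=$(cut -d' ' -f1 < "$outdir/image.sha256")
    actual=$(cat "$outdir"/image.raw.* | hash_stream)
    if [ "$recorded" = "$actual" ]; then echo ok; else echo MISMATCH; fi
}

# Demonstration on constructed data: a 3 MiB "suspect drive" of random bytes
# and an 8 MiB "external disk".
demo() {
    work=$(mktemp -d)
    dd if=/dev/urandom of="$work/source.img" bs=1048576 count=3 2>/dev/null
    wipe_destination "$work/dest.img" 8
    echo "destination: $(verify_wiped "$work/dest.img")"
    capacity_ok "$work/source.img" "$work/dest.img" && echo "capacity: ok"
    acquire_split "$work/source.img" "$work/dest_mount" 1048576 >/dev/null
    echo "acquisition: $(verify_acquisition "$work/dest_mount")"
    rm -rf "$work"
}
demo
```

The wipe check reads the whole destination back rather than trusting that dd finished, and the acquisition check hashes the reassembled segments rather than the individual pieces, so a segment that was truncated or altered on the destination shows up as MISMATCH against the hash taken from the source.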
Helix Operating Modes
Helix operates in two different modes: Windows and Linux.
Helix is a forensically sound bootable Linux environment much like Ubuntu, but with a great deal more. The "other side" of Helix, a Microsoft Windows executable, contains incident response tools for Windows. The rationale behind this was that a majority of incidents require interaction with