Helix
When performing forensic analysis, we have to look at the filesystem at a minute level and analyze many things, such as the execution of programs, downloading of files, creation of files, and so on.
In such situations, it's best to create a forensic image of the disk to be analyzed as soon as analysis starts. Helix is the best option for creating such images.
Helix is a Linux-based live CD used for the purpose of forensic investigation and incident response.
Getting ready
Helix is available in both free and commercial forms, and its free version can be downloaded from the following link:
http://www.e-fense.com/products.php
Once downloaded, we can either burn the image file to a CD/DVD or create bootable USB media.
How to do it?
To demonstrate the use of Helix, we can either install it on our system or use the live CD/DVD or USB media, as follows:
To use Helix, we boot our system using the live CD of Helix. From the first screen that appears, we select the option Boot...