Re: Forensic tool to recommend?

["Erik Luken" <eluken () pentarch org>]

Biggest issue I've noticed here, is that Helix does not recognize SATA 
cdroms. Booting from such, you get a limited read-only usage.

----- Original Message ----- 
From: "Richard Lane" <lane.security () gmail com>
To: <security-basics () securityfocus com>
Sent: Wednesday, May 30, 2007 7:55 AM
Subject: Re: Forensic tool to recommend?



I recommend the HELIX LiveCD distro. It has both Windows and Linux "sides"
- booting from cold will give access to the Linux toolset, however loading
the CD in Windows provides access to a variety of Windows tools.

http://www.e-fense.com/helix/

Good luck

Richard



> From: Fabio Cerullo <fcerullo_at_gmail.com>
> Date: Tue, 29 May 2007 07:53:28 +0100

> Hi All,
> I am evaluating some tools for gathering evidence in Linux and Windows
distros.
> In particular I am interested in recovering files/folders which have
> been deleted "accidentally" from the PC.
> I am aware there are some Live CD's with Linux installed that could
> mount a drive and try to recover those files but don't know anyone in
> particular.
> Any help will be really appreciated.
> Thank you very much.
> Greetings,
> Fabio