PaulDotCom mailing list archives

Digital Forensic Software


From: joel.folkerts at gmail.com (Joel Folkerts)
Date: Wed, 9 Dec 2009 14:53:33 -0600

 Helix 3 Pro (http://www.e-fense.com/helix3pro.php) may be a good fit for
you - includes a variety of data processing tools, imaging capabilities, and
canned documentation. The only downside is the $240 price for a one-year
subscription.

 If you're on a leaner budget, take a look at FTK Imager (not sure if that's
what you were referring to) --
http://www.accessdata.com/downloads.html#Utilities. Whichever approach you
take - make sure that the hard drive is sufficiently "write-blocked". The
easiest and most reliable way of achieving this is through a hardware
write-blocker -- I am partial to Tableau (
http://www.tableau.com/index.php?pageid=products&category=forensic_bridges)
but there are lots of options. Helix does allow you to boot into a
Knoppix-like environment that does not mount your drives. You can then grab a
physical image of the drive with their embedded tools. Good luck!

-Joel


"The path to hell is paved with good intentions."


On Wed, Dec 9, 2009 at 11:55 AM, Tyler Robinson <pcimpressions at gmail.com> wrote:

Hey all, looking for some of the fantastic advice that the pauldotcom
listeners always provide. I am helping our prosecuting attorney with
evidence from a hard drive, and I am wondering what software everyone is using
to make the drive images, and if anyone knows of a good website that has all
the proper forms, ex. digital chain of custody, and also some checklists or
guidelines. I know that Helix is a widely accepted Linux distro for this
sort of thing but don't have much experience with it. I also have a copy of
FTR and have worked with it a bit. So any advice at all is always
appreciated. Thanks again, and thanks to Paul and Larry for bringing together
such a dynamic group of security professionals and a great show.

--
Tyler Robinson
Owner of Computer Impressions and Tactical Network Security

