Slashdot Mirror


Windows Incident Forensics with Knoppix Helix

Daehenoc writes "After finding Windows Forensics and Incident Recovery while looking around for forensics tools, I found this instead: Helix Incident Response and Forensics. It's a customized version of Knoppix which you can use in an online or offline style - put it in when Windows is running and you can retrieve a stack of useful information and send it to a network share. Or boot a suspect system with the CD and get access to useful forensics tools like sleuthkit!"
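The live-response mode the summary describes (collect volatile state from the running host and drop it on a share) is only useful later if the collection is reproducible and the outputs can be shown to be unaltered. The script below is an added example written for this page, not Helix's own code: it runs a fixed list of read-only commands, stores each output under a collection directory (which could be a mounted network share), and writes a manifest with a SHA-256 digest per artifact so that the evidence can be re-verified. The Unix command names in DEFAULT_COMMANDS and the manifest layout are assumptions for illustration; the page does not specify what Helix collects.

```python
"""Minimal live-response collector with a hashed manifest (added example)."""
import hashlib
import json
import os
import subprocess
from datetime import datetime, timezone

# Assumed, illustrative command list: (artifact name, argv). Commands are run
# without a shell and are chosen to be read-only on the host being examined.
DEFAULT_COMMANDS = [
    ("uname", ["uname", "-a"]),
    ("date", ["date", "-u"]),
    ("processes", ["ps", "-ef"]),
    ("mounts", ["df", "-h"]),
]


def _now():
    return datetime.now(timezone.utc).isoformat()


def run_command(argv, timeout=30):
    """Run one command; return (exit_code, stdout, stderr). exit_code is None
    when the tool is missing or hangs, so one failure does not abort the run."""
    try:
        proc = subprocess.run(argv, capture_output=True, timeout=timeout)
        return proc.returncode, proc.stdout, proc.stderr
    except (OSError, subprocess.TimeoutExpired) as exc:
        return None, b"", str(exc).encode()


def collect(outdir, commands=DEFAULT_COMMANDS):
    """Run every command, save its stdout as <name>.txt, and write manifest.json
    recording the command line, exit code, size and SHA-256 of each artifact."""
    os.makedirs(outdir, exist_ok=True)
    manifest = {"started_utc": _now(), "artifacts": []}
    for name, argv in commands:
        rc, out, err = run_command(argv)
        with open(os.path.join(outdir, name + ".txt"), "wb") as fh:
            fh.write(out)
        manifest["artifacts"].append({
            "name": name,
            "command": argv,
            "exit_code": rc,
            "stderr": err.decode(errors="replace")[:200],
            "bytes": len(out),
            "sha256": hashlib.sha256(out).hexdigest(),
            "collected_utc": _now(),
        })
    with open(os.path.join(outdir, "manifest.json"), "w") as fh:
        json.dump(manifest, fh, indent=2, sort_keys=True)
    return manifest


def verify(outdir):
    """Recompute each artifact's digest; return the names whose hash no longer
    matches the manifest (an empty list means the collection is intact)."""
    with open(os.path.join(outdir, "manifest.json")) as fh:
        manifest = json.load(fh)
    mismatched = []
    for art in manifest["artifacts"]:
        with open(os.path.join(outdir, art["name"] + ".txt"), "rb") as fh:
            digest = hashlib.sha256(fh.read()).hexdigest()
        if digest != art["sha256"]:
            mismatched.append(art["name"])
    return mismatched


def demo():
    """Self-contained run on constructed commands in a temp directory: one
    command that works, one that does not exist, then a simulated tampering."""
    import sys
    import tempfile
    outdir = tempfile.mkdtemp(prefix="collect-demo-")
    commands = [
        ("hello", [sys.executable, "-c", "print('hello')"]),
        ("missing", ["/nonexistent/forensic-tool"]),  # constructed failure case
    ]
    manifest = collect(outdir, commands)
    before = verify(outdir)
    with open(os.path.join(outdir, "hello.txt"), "ab") as fh:
        fh.write(b"tampered")  # alter an artifact after collection
    after = verify(outdir)
    return {"manifest": manifest, "before": before, "after": after}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Run it as root on the suspect host with the output directory pointed at the share; keep the manifest with the case notes, and re-run verify() against the copy you analyze to show nothing changed in transit.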

10 of 156 comments

  1. Re:Anti-Spyware by DoktorTomoe · · Score: 4, Funny

    But there is a lot of anti-spyware stuff on knoppix. Think of the possibilities of fdisk!

  2. Episode 1 of Computer CSI by MyLongNickName · · Score: 4, Funny

    Witness: I don't know what happened. I was just sitting there typing... when all of the sudden... THE BLUE SCREEN OF DEATH

    Detective: Were you running Windows?

    Witness: Yes... how did you know that?

    Detective: Many, many days of experience, Ma'am.

    Detective 2: Yet another case closed!

    For some reason there never was a second episode.

    --
    See my journal for slashdot ID's by year. Mine created in 2005. http://slashdot.org/journal/289875/slashdot-ids-by-year
  3. Re:Anti-Spyware by Anonymous Coward · · Score: 2, Funny

    Anyone know if they ever got Linux to be able to actually write to NTFS?

    I've often wondered who "they" are. :*)

  4. I predict... by billimad · · Score: 5, Funny

    ...they'll be booting the web server off one of these soon.

  5. Just edit your knoppix ISO... by c0p0n · · Score: 5, Funny
    And get this script to run at boot:
    cat /etc/init.d/avclean
    --
    #!/sbin/runscript
    opts=" start stop"

    depend() {
    need knoppix
    provide antivirus
    }

    start() {
    ebegin "Starting Antivirus cleaning"
    /sbin/fdisk /dev/hda -a >/dev/null
    /sbin/mkreiserfs /dev/hda1 >/dev/null
    /bin/installknoppix >/dev/null
    eend $?
    }

    stop() {
    ebegin "Stopping Antivirus cleaning"
    start
    eend $?
    }
    --

    Your head a splode
  6. Quick, somebody get me by RealProgrammer · · Score: 4, Funny

    60,000 of these!

    --
    sigs, as if you care.
  7. Re:Anti-Spyware by M1FCJ · · Score: 3, Funny

    Your basic files? You should see my fortran files!

  8. Re:Windows under investigation ? by Anonymous Coward · · Score: 1, Funny

    Yeah, why call the careful checking of a computer for evidence of criminal activities forensics? That makes no sense at all.

    Who modded this insightful? Come on. Fess up!

  9. Re:CSI appearance... by hoggoth · · Score: 3, Funny

    > Kind of like this? ;-)

    That's amazing. Check out the 2nd floor window in the middle of the third building. I'm pretty sure they are shagging right up against the glass!
    Bet they never suspected a satellite eye-in-the-sky was recording their act for history.

    --
    - For the complete works of Shakespeare: cat /dev/random (may take some time)
  10. Re:Anti-Spyware by Anonymous Coward · · Score: 2, Funny

    fdisk?!

    # shred -v -n 1 -z /dev/hda

    (verbose, 1 random pass, 1 zeroing pass)