Unit 5: Windows Acquisition 5.3 Activity and Discussion Activity: Running Helix in Live Mode

mac2022-06-30  26

ACTIVITY: RUNNING HELIX IN LIVE MODE

Time: This activity should take you approximately 30-60 minutes to complete.

SOFTWARE

Helix3, from e-fense, is a collection of forensic tools for data acquisition, preservation and analysis. For these activities, you will use a free version, Helix2009R1.

Helix 3 download link

1. Click "Helix 3" at the end of the sentence "If you are looking for the free, original Helix (2009R1) you need Helix 3".
2. Enter your information for the free download.
3. Confirm the MD5 hash value: 3ac2ca7d8d1dcc494ef5124c1cf37f7c
4. Right-click Helix2009R1.iso, and burn it to a CD.
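The MD5 confirmation step above can be done in PowerShell before burning the image. This is an added example, not part of the original activity; the function name `Test-IsoHash` and the ISO sitting in the current directory are assumptions.

```powershell
# Added example: check Helix2009R1.iso against the MD5 value given in the
# activity before burning it. Test-IsoHash and the path are assumptions.
function Test-IsoHash {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $ExpectedMd5
    )

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "File not found: $Path"
    }

    # Normalise the published value and reject anything that is not exactly
    # 32 hex characters (catches a truncated or padded copy/paste).
    $expected = ($ExpectedMd5 -replace '\s', '').ToUpperInvariant()
    if ($expected -notmatch '^[0-9A-F]{32}$') {
        throw 'Expected value is not a 32-character MD5 hex string.'
    }

    # Get-FileHash streams the file, so a large ISO is not loaded into memory.
    $md5    = (Get-FileHash -LiteralPath $Path -Algorithm MD5).Hash
    $sha256 = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash

    # Return a record that can be pasted into the examiner's notes.
    [pscustomobject]@{
        File        = (Resolve-Path -LiteralPath $Path).Path
        SizeBytes   = (Get-Item -LiteralPath $Path).Length
        ExpectedMd5 = $expected
        ActualMd5   = $md5
        Match       = ($md5 -eq $expected)
        Sha256      = $sha256   # for your own records; the activity only gives MD5
        CheckedUtc  = (Get-Date).ToUniversalTime().ToString('o')
    }
}

$result = Test-IsoHash -Path '.\Helix2009R1.iso' `
                       -ExpectedMd5 '3ac2ca7d8d1dcc494ef5124c1cf37f7c'
$result | Format-List

if (-not $result.Match) {
    Write-Error 'MD5 mismatch: do not burn this image; download it again.'
}
```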

GOAL

In this activity, you will practice using Helix 2009R1 in Windows live mode to preview information about your Windows system. Be aware that running tools on a live system disturbs the state of that system.

You may want to review my Helix for Windows demo before beginning this activity.

INSTRUCTIONS

1. Insert the Helix CD into a Windows system, and run helix.exe.
2. You will see a warning message. Read and understand the message, then click Accept to continue.
3. The Helix Windows GUI will open with many tools available to show you both volatile and nonvolatile data of the Windows system.
4. Explore Helix's rich functionality, and then use Helix to answer the Check Your Work questions.

Reposted from: https://www.cnblogs.com/sec875/articles/10015684.html