Welcome to computer forensic portal - your online resources to all computer foreniscs
 
Knowledge Articles
Books Database
Legal Cases
Forensic Dictionary
PDF documents
Web Resources
FAQ

 

Helix (Windows)
Page 1
Page 2
Page 3
Page 4
Page 5
Page 6
Page 7
 
Computer Forensic Tools
Image Acquisition
Expert Witness
Helix (Linux)

 
  Home > Knowledge Articles > Helix (Windows)

Helix (Windows)

Live Acquisition

This option allows you to make multiple images copy of any drive attached to the evidence machine.

(Click on image to view bigger version)

  1. Select the drive(s) you wish to image from the Source drop-down menu. In addition, you can choose to image the
    Physical Memory (RAM) by selecting “//PhysicalMemory – [size]” under the Source drop-down menu.
  2. The image(s) created can be stored in an external removable media or over a network.

Storing image in an external removal media.
Location Options: Select Attached/Share
Destination: Click on the Folder icon to Select a destination folder.
Image Name: Rename the image to your choice. (Optional)

(Click on image to view bigger version)

Storing media over network.
Location Options: Select NetCat
Destination IP: Enter your preferred IP address.
Port: Enter your preferred Port number. (Optional)

(Click on image to view bigger version)

Once you have completed, Click on Acquire to start imaging the evidence media. Alternatively, you can use FTK Imager by Access Data. Click on the orange arrow

(Click on image to view bigger version)

[Continue - Page 4]

 
 

© 2009
Computer Forensics Portal
All Rights Reserved

Disclaimer | Privacy Policy

Home | Contact | Sitemap

Knowledge Articles | Books Database | Legal Cases | Forensic Dictionary | Web Resources | Frequently Asked Questions