Sunday, 22 March 2009

Monetizing Helix

The forensics community has benefitted from the free Linux forensic distro Helix3 for some time. This distro was developed by Drew Fahey and distributed via (archived Helix 3 website). I suppose, like many free things, the question of how you support and develop it when you are not making money from it became an issue for e-fense. I was under the impression that a revenue stream was available via Helix3 training courses (run by CSI Tech in the UK). I know that both Nick Furneaux and Jim Gordon were very busy with these courses, and having attended one myself, I thought they were a great success.

Anyhow, it seems that training provision wasn't enough. In late 2008 e-fense invited e-fense helix forum members to make donations. Unsurprisingly, take-up wasn't that great. This resulted in a slightly hectoring email from e-fense announcing that Helix3 was now only available to those who subscribed for access to their forum. The subscription is around US$20 per month. So be it, but as someone who has already paid circa US$1000 for a training course to use a product I cannot now download without subscription, I am left feeling slightly disappointed.

Nothing stands still in this arena however. I have posted in the past about WinFE and some subsequent comments led me to a Grand Stream Dreams blog post written by Claus Valca. He referred to two free forensic Linux distros:

Perhaps one of these is the new helix?

It seems one or two others have commented on the same subject - it seems they are not planning to subscribe either.

I noticed a bit late in the day that there is an extensive thread over at Forensic Focus about this issue also.


Hacking Exposed Computer Forensics Blog said...

I'm going to have to agree. If helix could explain what beyond support they are willing to provide for a monthly fee I might be willing to reconsider.

As it stands now it was a convenient distribution they put together that I now plan to repackage myself rather than pay 20 USD a month for a collection of free tools.

Anonymous said...

Regarding the two CDs you have mentioned in your post, I would say that they are interesting projects but not validated yet. Furthermore, they had some problem in court in the past.

DC1743 said...

Surely it is up to the investigator to validate their tools. I have not used either distro yet but if I do use them I will test them first.

The websites suggest that they are straightforward forensic Linux distros. The tools on them are by and large widely distributed and were also found on the Helix disk.

Unless you can be more specific I can not see how these disks are likely to give more problems in court than helix.

Nick Furneaux said...

Hi, I'm glad you enjoyed the Helix course, I've certainly enjoyed teaching them. Sadly the new management at e-fense are taking a new line with Helix as you pointed out. Although I totally support e-fense making a living, there were perhaps other ways to skin the proverbial cat!

The Advanced course Jim and I have announced teaches a combination of Helix, Volatility, F-Response Field edition and scripting your own toolkits, which reflects the needs of the investigator to have multiple tools at their disposal.

Hope to see you soon


Mike said...

"Unless you can be more specific I can not see how these disks are likely to give more problems in court than helix."

Easy: 4 months ago someone found out that these so-called "forensic distros" used to mount SWAP was a bug but Jesus... I'll stick with Helix