Interview with Drew Fahey, a writer of Helix

A short interview with one of the writers of Helix.

    Welcome to a short interview with Drew Fahey. Drew works with e-fense, which developed Helix, the live security distribution for forensics only. This short interview will give you some insight into Helix and some upcoming features.


    Who should use your distribution?
Any first responders, as well as anyone interested in conducting live forensic imaging and first response. Helix is also extremely useful for anyone needing to make traditional forensic images, especially of RAID systems.

    What is one thing you would like your distribution to have or do that no other distribution does?
To be honest Helix already has a major component that none of the others have, which is the live Windows interface. Helix has been designed for live environments and for forensic acquisitions. So I would like Helix to be or become the number one tool you reach for in order to acquire forensic images.

    Why did you decide to make your own live security distribution?
I made it out of necessity. I needed a tool that had specific forensic tools on it in order to do some acquisitions. None of the other CDs had those tools, such as George Garner's dd for Windows, or static binaries, so I created one.

    How many man hours go into each release?
In short, A LOT. I have spent around 5000 hours over the last 3 years working on Helix. I usually spend around 150-250 hours between each release.

    What is your favorite *nix distribution and why?
I really do not have a favorite *nix distro as I use many of them. I do prefer *nix over Windows though! I generally use OpenBSD and Fedora. However, I have used Slackware, Mandrake, RedHat, and FreeBSD in the past.

    How do you see live security distributions evolving over the next few years?
I only think they are going to grow. I think Knoppix and Kanotix will be around for a while and will continue to set the pace for the standard live distributions.

    What is the biggest upgrade/addition that is planned for your distribution?
The next release will see the addition of udev, which will hopefully increase the hardware detection capability. The biggest change will be the creation of a brand new image acquisition tool, which is going to be jointly created by Jesse Kornblum, Nick Harbour, and myself. In addition, we are now offering a 3-day hands-on Helix incident response and computer forensics training, to help people get the most out of Helix.


 
