Helix to Hard Drive

(Helix) { Install Helix Linux Image to Hard drive  } Section 0. Background Information Helix3 is a Live CD built on top of Ubuntu. It focuses on incident response and computer forensics. According to Helix3 Support Forum, e-fense is no longer planning on updating the free version of Helix. See http://www.e-fense.com/products.php Section 1. Downloading Helix On any machine connected to the Internet, bring up a Web Browser. In my case, I am using a Windows Machine that has a USB hard drive attached to it. Go To http://helix.onofri.org/Helix2008R1.iso Saving the ISO Command:  Click Save Saving ISO to a location Instruction: It's up to you where you want to save the file.  In my case, I will save the ISO to H:\BOOT ISO Section 2. Create a New Virtual Machine Create a New Virtual Machine Command: Click on "Create a New Virtual Machine" New Virtual Machine Wizard Instructions:  Click on the "I will install the operating system later" radio button. Click Next. Customer Operating System and Version Instructions:  Guest operating system: Linux Version: Ubuntu Click Next. Personalize Linux Instructions:  Virtual machine name: TargetHelix01 Note: Name it whatever you like. Location: H:\TargetHelix01 Note: If you can, save this image to a USB Hard drive. Click Next. Personalize Linux Instructions:  Maximum disk size (GB): 15 Note: You can make this a little as 3.5 GB.  It really depends if you instead on analyzing images with Autopsy. Click on the "Store virtual disk as a single file" Click Next. Personalize Linux Instructions:  Click Finished Note:  Helix will now boot off of the Helix2008R1.iso. Section 3. Install Helix to the Hard drive (Part 1) Warning:  Step 10 will fail.  Unfortunately, you will have to go through the install steps twice, due to an os-prober issue that has trouble seeing the logical volumes.  So, don't get frustrated and just follow along step by step. Edit TargetHelix01 Virtual Machine Command: Click Edit virtual machine settings Virtual Machine Settings Command: Select CD/DVD (IDE) Select the "Use ISO image file:" radio button. Browse to where you saved the Helix2008R1.iso Select OK. Booting from Helix Options Instructions: Select TargetHelix01 Play Virtual Machine Boot into the Helix Live CD Command: Arrow Down to "Boot into the Helix Live CD" Press Enter Install to Hard drive (Part 1) Instructions: System --> Administration --> Install Language Selection Instructions: English Forward Timezone Selection Instructions: Select City: Chicago Forward Keyboard layout Instructions: Which layout is most similar to your keyboard? USA USA Forward Prepare disk space Instructions: Make sure Guided - use entire disk is selected. Forward Who are you? Instructions: What is your name? student What name do you want to use to log in? student Choose a password What is the name of this computer? TargetHelix01 Forward Warning Instructions: After pressing forward the os-prober will fail because it cannot the volume groups. Click Cancel I realize you are saying what the hell, but please continue to follow along to get Helix to install to disk. Abort the installation? Instructions: Click on Quit Notes: I know this sounds crazy, but continue to Section 4. Section 4. Install Helix to the Hard drive (Part 2) Install to Hard drive (Part 2) Instructions: System --> Administration --> Install Language Selection Instructions: English Forward Timezone Selection Instructions: Select City: Chicago Forward Keyboard layout Instructions: Which layout is most similar to your keyboard? USA USA Forward Prepare disk space Instructions: Make sure Guided - use entire disk is selected. Forward Ready to Install Instructions: Click Install Side Note: See, I am not crazy, it works a second time.  BTW, I discovered this trick by scavenging through many of websites and blogs. Installing system Side Note:  This process will take between 10 to 20 minutes. Post Installation Command:  Click on Continue using the Live CD Adjust VMware Settings (For VMWare Only, See Below) Command:  Click on VMware Settings. Change Physical Drive (For VMWare Only, See Below) Command:  Select CD/DVD (IDE) Select the "Use physical drive:" Connection radio button. Change Network Adapter (For VMWare Only, See Below) Command:  Select Network Adapter NAT Select the "Bridged: Connected directly to the physical network" Network Connection radio button. Consistency Reboot Command:  Click on the Terminal Console sudo su - shutdown -r now Section 5. Logging Into TargetHelix01 Preview system information Command: Login with your the username and password you created earlier. In my case, I create a username called "student". How to become root Command: sudo su - Enter your current password for the account your logged in as. Proof of Lab Command: echo "Your Name"; date; df -h Do an Alt PrtScn (Print Screen) Cut and Paste into a Word Document Upload to Moodle. Section: Proof of Lab Cut and Paste a screen shot found in Section 5, Step 3 in a word and upload to Moodle.

Install Helix

(Helix) { Getting Started } Section 0. Background Information Helix3 is a Live CD built on top of Ubuntu. It focuses on incident response and computer forensics. According to Helix3 Support Forum, e-fense is no longer planning on updating the free version of Helix. See http://www.e-fense.com/products.php Section 1. Downloading Helix On any machine connected to the Internet, bring up a Web Browser. In my case, I am using a Windows Machine that has a USB hard drive attached to it. Go To http://helix.onofri.org/Helix2008R1.iso Saving the ISO Command:  Click Save Saving ISO to a location Instruction: It's up to you where you want to save the file.  In my case, I will save the ISO to H:\BOOT ISO Section 2. Configure the Windows Virtual Machine to boot up Helix Edit the WindowsVulnerable01 virtual machine. (See Below) Note: For those of you that don't have access to class material, this can be Windows XP, 2000, 2003 and 7. Configure Windows to boot off of Helix Instructions:  Select CD/DVD (IDE) Select the Use ISO image file Browse to where you saved the Helix iso. Note:  In my case, I save it in the following location: H:\BOOT ISO\Helix2008R1.iso Play the Virtual Machine Select Play Virtual Machine Section 3. Start Up Helix Booting from the ISO At the same time, Click the right mouse key and the press the ESC button, when the screen starts to change to the VMware screen below. Note: This might take you a few times so be patient!!! Boot Menu Selection Command: Select CD-ROW Drive Press Enter Booting from Helix Options Instructions: Boot into the Helix Live CD This will take you into a knoppix/linux operating systems. Unfortunately, VMware seems to not allow mouse clicks.  In the future, I will experiment with VirtualBox to see if the same issue is present. Boot from first hard disk Select this option. This will allow you to run the Helix CD from Windows. Log into your Windows Machine Instructions: Its probably a good idea to long in with an administrator account to ensure you can run the Helix CD. . Section 4. Start Up Terminal Window Open Up My Computer Command:  Start --> My Computer Starting Up Helix Command:  Right Click on Helix2008R1 Click on AutoPlay Select Language Command: Select English Click Accept Section 5. Preview system information Preview system information Command: Select System Information Review System Information Note: The basic system information is included here like hostname, owner, organization, IP address, NIC, and drives. Section 6. Preview Running Processes Preview Running Processes Command: Select: Page --> System --> Running Processes View a Process ID (PID) Command: Select any process. Note: The Process ID number is displayed down low. Section 7. System Information Viewer Running Processes Preview Running Processes Command: Select: Quick Launch --> System Information Viewer Select Yes ReSysInfo System Information Viewer 2.1 Command: Select System Summary System Summary View Note: This is another view that show basic system information.  Notice you have the ability to copy to this system information to the clipboard. Section 8. View Network Information Network Information Command: Select Network Information View IP and MAC Information Command: Select IP And MAC Address Proof of Lab: Cut and Paste a screen shot into a word document and upload to Moodle. Section: Proof of Lab5 Cut and Paste a screen shot found in Section 8, Step 2 in a word and upload to Moodle.