When performing forensic analysis, we have to examine the filesystem in minute detail and analyze many things, such as the execution of programs, downloading of files, creation of files, and so on.
In such situations, it's best to create a forensic image of the disk to be analyzed as soon as analysis starts. Helix is the best option for creating such images.
Helix is a Linux-based live CD used for the purpose of forensic investigation and incident response.
Helix is available in both free and commercial forms, and its free version can be downloaded from the following link:
http://www.e-fense.com/products.php
Once downloaded, we can either burn the image file to a CD/DVD or create bootable USB media.