Menu
  • Home
  • Brett's Blog
  • My Books
  • Courses
  • About Me
  • Contact
  • Home
  • Brett's Blog
  • My Books
  • Courses
  • About Me
  • Contact

Brett Shavers | Ramblings

Brett's Ramblings

Subscribe to blog
Unsubscribe from blog
Settings
Sign In
If you are new here, Register
  • Forget Username
  • Reset Password
Brett Shavers

Brett Shavers

JUN
09
2

Internet Evidence Finder (IEF): interview with Jad Saliba of JADSoftware.com

Posted by Brett Shavers
in  Digital Forensics
Jad Saliba, developer of the Internet Evidence Finder (IEF) and other neat software was interviewed recently and mentioned that he has plans to make IEF run portable on WinFE.  If you haven't purchased a copy of IEF (free to LE), take a look at it.  This would be a fantastic triage type application on WinFE as it searches for chat, email fragments (including Gmail!), Facebook snippets and fragments, Limewire, and more.

The day IEF is able to run on WinFE is the day I add it to mine ;)
  1959 Hits
Tweet
Recent Comments
Guest — KP
I donated to the IEF project back before Jad started charging for it and he was kind enough to give me two licenses for it. I've ... Read More
Wednesday, 09 June 2010 13:51
Guest — Rob
Agree..Thanks for the Effort on making this work with FE.. Good stuff!
Thursday, 10 June 2010 04:32
1959 Hits
JUN
02
8

More Windows FE and triage notes (WindowsRipper?)

Posted by Brett Shavers
in  Digital Forensics

Matt Churchhill (http://mattchurchill.net/2010/06/windowsripper/) has been doing some work to supercharge RegRipper.  Take a look at his video and while watching, consider how this can affect your method to triage a computer when booted to WinFE...

[youtube=http://www.youtube.com/watch?v=r4nBUXYGkBw&hl=en_US&fs=1&border=1]

  2457 Hits
Tags:
winfe
Tweet
Recent Comments
Guest — Rob
Am I correct that once you assign a drive letter to the Volume you are going to be touching the Drive in WinFE?
Wednesday, 02 June 2010 10:30
Guest — Anonymous
If you set a volume to read only, the disk is written to (offset 0x417). If a disk is set to read only, it is not written to. So... Read More
Wednesday, 02 June 2010 11:09
Guest — Matt C
Thanks for the link, Brett. I hadn't thought of putting this on WinFE before, but it's a great idea.
Wednesday, 02 June 2010 11:32
2457 Hits
MAY
28
1

Windows FE and Triage webinar

Posted by Brett Shavers
in  Digital Forensics

This should be a neat webinar on Windows FE and Triage.

https://www2.gotomeeting.com/register/892321554

Check the "Using WinFE" page for tips on using WinFE for not only triage/preview, but other ways to use the tool.  Until I hear otherwise, I have found that X-Ways Forensics is the most complete forensic tool that can run on the Windows Forensic Environment without having to install dongles or hasps, dependent files, or other installation hassles.  Simply copying the X-Ways Forensic folder runs the program.  Take a look at the Triage/Preview link on this site for some things XWF can do in this sort of scenario.

  2475 Hits
Tags:
winfe
Tweet
Recent comment in this post
Guest — Anonymous
Great Catch..Signed up.. Now only if it was tomorrow we could save you alot of Email! ;-)
Friday, 28 May 2010 22:43
2475 Hits
    Previous     Next
105 106 107 108 109 110 111 112 113 114

DFIR Training

Be sure to check out my DFIR Training website for practically the best resources for all things Digital Forensics/Incident Response related.

Brett's blog

© 2022 Brett Shavers