And yet another use for WinFE.

This year, at the University of Washington's Digital Forensics Certificate Program, I am having each student create their own Windows Forensic Environment with as many forensic applications as we can fit on a USB drive.   This fulfills several objectives that any school or training program can incorporate at virtually no cost.

Students in forensic programs can learn to create a forensically sound bootable media and validate it through testing (how's that for a takehome assignment?).  Since WinFE can be used as a forensic platform on almost any computer (for those students without a 'forensic machine' at home), this bootable media may be more than enough to practice and do homework assignments on their home computer (...they can image...they can run forensic tools against an image or hard drive...they can do quite a bit).  Forensic software developers...consider making your applications run in a portable mode and VOILA, you just reached a second use (and market) for your application/s.  Anything that runs on WinFE is a tool I want and so far, only X-Ways Forensics fits that bill as a full fledged, portable forensic suite.

And yes, a Linux forensic environment can do many of these things as well, so why not do both?  The cost of a Linux CD...same as WinFE :)

I came across WinBuilder today (http://www.boot-land.net/), which provides downloads to a GUI based, Windows Live CD builder.  I'm willing to try anything, so I gave it a whirl and was happy I did.

With WinBuilder, many of the functions of Windows that are not in the basic WinFE builds are included.   This includes the Windows"Start" button, computer management tools, and even network access.

Running WinBuilder is not complicated and scriptable.  The one thing it does not do (at this time) is make your CD forensically safe with the 2 registry changes.  However, this is easy enough to do manually or by writing a script to be used during the build.

I'm not sure how I missed this before, but I may have now found my primary method of making a WinFE disc, using WinBuilder instead of a batch file.  Oh yeah, you don't need WAIK either.

For anyone that missed this WinFE webinar-"https://www2.gotomeeting.com/register/892321554"...I did view it today.  The WinFE discussion started about 30 minutes into the webinar, and only lasted for about 10 minutes.   Fortunately, there was a question/answer after the presentation for about 10 minutes.   However, the only information given on building your own WinFE was to contact Microsoft and an article in Hackin9 magazine (there was no reference to this WinFE site as a resource to build your own WinFE…even after submitting the web address information…).

Given some interest, I’d gladly host a webinar on WinFE, (more than 10 minutes worth, showing how to build your own, and not based on selling you some software…).