Menu
  • Home
  • My Books
  • Courses
  • About Me
  • Contact
  • Home
  • My Books
  • Courses
  • About Me
  • Contact

Brett Shavers | Ramblings

Brett's Ramblings

Subscribe to blog
Unsubscribe from blog
Settings
Sign In
If you are new here, Register
  • Forget Username
  • Reset Password

Digital Forensics

JUN
02
8

More Windows FE and triage notes (WindowsRipper?)

Posted by Brett Shavers
in  Digital Forensics
Matt Churchhill (http://mattchurchill.net/2010/06/windowsripper/) has been doing some work to supercharge RegRipper.  Take a look at his video and while watching, consider how this can affect your method to triage a computer when booted to WinFE...
Continue reading
0
  1640 Hits
Tags:
winfe
Tweet
Recent Comments
Guest — Rob
Am I correct that once you assign a drive letter to the Volume you are going to be touching the Drive in WinFE?
Wednesday, 02 June 2010 10:30
Guest — Anonymous
If you set a volume to read only, the disk is written to (offset 0x417). If a disk is set to read only, it is not written to. So... Read More
Wednesday, 02 June 2010 11:09
Guest — Matt C
Thanks for the link, Brett. I hadn't thought of putting this on WinFE before, but it's a great idea.
Wednesday, 02 June 2010 11:32
1640 Hits
MAY
28
1

Windows FE and Triage webinar

Posted by Brett Shavers
in  Digital Forensics
This should be a neat webinar on Windows FE and Triage.https://www2.gotomeeting.com/register/892321554Check the "Using WinFE" page for tips on using WinFE for not only triage/preview, but other ways to use the tool.  Until I hear otherwise, I ha...
Continue reading
0
  1733 Hits
Tags:
winfe
Tweet
Recent comment in this post
Guest — Anonymous
Great Catch..Signed up.. Now only if it was tomorrow we could save you alot of Email! ;-)
Friday, 28 May 2010 22:43
1733 Hits
    Previous     Next
85 86 87 88 89 90 91 92 93 94

Brett's blog

Posts List

Tag Cloud

book training gmail Virtualization investigations tor browser Registry Forensics imaging email North korea bitcoin forensics X-Ways Forensics Practitioner's Guide phishing wiretap writing windows forensic environment Hiding Behind the Keyboard investigation Placing the Suspect Behind the Keyboard surveillance Jimmy Weg Bitcoin Forensics 4cast Hacker RegRipper dfir bitcoin forensics presentations Volume Shadow Copy case studies X-Ways Forensics Windows Forensic Environment winfe privacy University of Washington windows fe

Search Blog

DFIR Training

Be sure to check out my DFIR Training website for practically the best resources for all things Digital Forensics/Incident Response related.

Even better, support DFIR Training at Patreon and get access to multiple online courses in digital forensics with included ebooks!

http://www.patreon.com/DFIRTraining 

© 2020 Brett Shavers