I'll be giving a demo of WinFE to www.ctin.org on March 10 (online).  I'll be showing some neat developments in the work as well as discuss solving build problems.



There are a few spots left and you have to be a CTIN member to view the presentation.  But maybe it is something worthwhile to join anyway as most all the training is free to members.

Just to clear up any questions on whether WinFE can 'do a Mac', well...it can.  And Linux too.  And of course it can do Windows as well.   As long as the machine can be booted to a WinFE CD or USB, then you can image the hard drive.  Actually, you can do a whole lot more than just image it...you can triage it, preview it, search it, or just copy files and folders from it.  If the drive is encrypted and you have the key, you can access the drive.  And what about VSS (Volume Shadow Service/Copies)....you can access those too, all through WinFE.

I can promise that as soon as you build a WinFE CD or bootable USB, you will regret not having done it months or years earlier (it's been around since 2008....).  And if building a forensic boot OS makes you hesitate at all, there is no need because if you use WinBuilder, it is as simple as pointing and clicking to fully customize your Windows FE CD or bootable USB.

You can now download the WinFE WinBuilder.  Thanks to everyone that helped support this effort, it was well worth it.



As to a guide on how to use WinFE, it probably isn't really needed since WinFE is simply a forensic boot disc.  So, you might not need any help in putting WinFE to good use.  However...there may be a few things you didn't know you could do with WinFE that could be of interest.   Since that might be the case, here is a quick guide on tips on using WinFE as well as tips for building with WinBuilder.

Users Guide to WinFE

For support on how to use WinBuilder (troubleshooting, advanced features), check out the WinBuilder website at http://reboot.pro.

To reiterate some points about WinFE (and to hopefully prevent 'hate mail' coming to me from commercial products...), WinFE is an addition to your forensic toolkit. It doesn't replace any tools, only supplements what you are using anyway.   Commercial products that do the same thing that WinFE does work too, keep buying those if you want, you don't have to use WinFE.  And for the Linux lovers out there (Hey, I'm one of you guys too!), there is time and place for everything, sometimes WinFE is best, another time CAINE or DEFT or ???*nix may be best.

As far as anyone making a profit out of WinFE, no need to ask, because no one is;  it is a community project of customizing a Windows PE to fit your needs.

And yes, there are even some more neat things to be added to WinFE in the future...but as of now, you have access to a solid forensic environment.

For additional credits to this project;