Menu
  • Home
  • Brett's Blog
  • My Books
  • Courses
  • About Me
  • Contact
  • Home
  • Brett's Blog
  • My Books
  • Courses
  • About Me
  • Contact

Brett Shavers | Ramblings

Brett's Ramblings

Subscribe to blog
Unsubscribe from blog
Settings
Sign In
If you are new here, Register
  • Forget Username
  • Reset Password
Font size: + –
Subscribe to this blog post Unsubscribe
Report
Print
1 minute reading time (172 words)

But does it do Mac?

Digital Forensics
Brett Shavers
Tuesday, 15 February 2011
2468 Hits
2 Comments


Just to clear up any questions on whether WinFE can 'do a Mac', well...it can.  And Linux too.  And of course it can do Windows as well.   As long as the machine can be booted to a WinFE CD or USB, then you can image the hard drive.  Actually, you can do a whole lot more than just image it...you can triage it, preview it, search it, or just copy files and folders from it.  If the drive is encrypted and you have the key, you can access the drive.  And what about VSS (Volume Shadow Service/Copies)....you can access those too, all through WinFE.

I can promise that as soon as you build a WinFE CD or bootable USB, you will regret not having done it months or years earlier (it's been around since 2008....).  And if building a forensic boot OS makes you hesitate at all, there is no need because if you use WinBuilder, it is as simple as pointing and clicking to fully customize your Windows FE CD or bootable USB.
Tweet
Share on Pinterest
0
Tags:
winfe
WinFE Demo Online
It's time to build your WinFE!

About the author

Brett Shavers

Brett Shavers

 

Comments 2

Guest
Guest - Andreas D on Tuesday, 15 February 2011 14:18

I think as long, as the suspicious machine has an Intel Architecture, Windows FE will boot. And from there, the Tools will work... Will they? Hm. Many Portable Tools (and also the viewer component of X-Ways Forensics) require special libraries, which are not included in Standard WindowsPE! But, with two clicks in winbuilder, the .NET Framework 2/3 and MS Visual C++ 2005/2008 redistributable libraries are injected automatically. No further configuration... And: it works like a charm!!!
I would post my configuration, but I changed some of the scripts, like also the WinFE forensic section...

Have a nice Day
Andreas

0 Cancel Reply
I think as long, as the suspicious machine has an Intel Architecture, Windows FE will boot. And from there, the Tools will work... Will they? Hm. Many Portable Tools (and also the viewer component of X-Ways Forensics) require special libraries, which are not included in Standard WindowsPE! But, with two clicks in winbuilder, the .NET Framework 2/3 and MS Visual C++ 2005/2008 redistributable libraries are injected automatically. No further configuration... And: it works like a charm!!! I would post my configuration, but I changed some of the scripts, like also the WinFE forensic section... Have a nice Day Andreas
Cancel Update Comment
Guest
Guest - Brett Shavers on Friday, 18 February 2011 14:40

You are completely correct on why WinFE can boot to a Mac (intel Macs anyway). And that is one of the reasons WinFE is such a powerful tool, because you can image (and examine a Mac) with a Windows boot disc/USB and your Windows apps. Niiiiicccceee...

0 Cancel Reply
You are completely correct on why WinFE can boot to a Mac (intel Macs anyway). And that is one of the reasons WinFE is such a powerful tool, because you can image (and examine a Mac) with a Windows boot disc/USB and your Windows apps. Niiiiicccceee...
Cancel Update Comment
Guest
Monday, 20 March 2023

Captcha Image

By accepting you will be accessing a service provided by a third-party external to https://brettshavers.com/

direct link

DFIR Training

Be sure to check out my DFIR Training website for practically the best resources for all things Digital Forensics/Incident Response related.

Brett's blog

© 2023 Brett Shavers