Brett Shavers | Ramblings


Current and Future Development of Windows FE

Digital Forensics
Brett Shavers
Friday, 11 June 2010
The WinFE journey…

From Troy Larson’s first vision of the Windows Forensic Environment to the improvements currently being made, WinFE is set to become one of the best forensic boot disks/USBs available.

Creating it has been greatly simplified by Björn Ganster’s automated batch files (my initial batch files were elementary compared to Björn’s improvements). Colin Ramsden is working on some aspects of WinFE that really are impressive, such as GUIs for WinFE, installing HASP drivers, mapping network drives, Apple HFS+ drivers, help with other program installations, etc. Jad Saliba of JadSoftware has plans to work on making IEF run in the WinFE environment. Add to these Matt Churchhill’s “WindowsRipper”, modified from Harlan Carvey’s “RegRipper”, and you can add such triage functionality to WinFE that, given 20 minutes in front of a computer, you may be able to get everything you need from the machine. You can either determine if the computer is worth seizing at all, or in the case of a (legal!) snatch and grab op, grab only the data of importance from a host computer without the (criminal/terrorist) user ever knowing their computer was touched.

It is incredible what impact a group of contributors can have on a project that benefits the community. If you haven't gotten access to the shared folder, you can use this link to sign up for DropBox and I'll share the folder with you. If you already have a DropBox account, send me an email so I can share the folder with your current login. I'd make the folder public, but would rather have at least one step to get to it than have it open to the world so easily. The neat thing about the shared folder is that when someone puts in an updated batch file, you have access to it immediately.


For anyone waiting for WinFE to be available for one single and complete download...it won't happen.  There are some MS licensing issues that prevent that, so sit down for a bit, take a look at how to make one, and get started!  You won't regret it.
Comments 2

Guest - Rob on Monday, 14 June 2010 00:18

Great info... and good to see there is interest in this project from developers/coders.

Guest - ihuntcrows on Thursday, 16 December 2010 18:47

Hi, my Dropbox email thing is ihuntcrows@aol.com or ihuntcrows. I'm interested in this shared folder. Thanks.

© 2022 Brett Shavers