You can now download the WinFE WinBuilder. Thanks to everyone that helped support this effort, it was well worth it.
As to a guide on how to use WinFE, it probably isn't really needed since WinFE is simply a forensic boot disc. So, you might not need any help in putting WinFE to good use. However...there may be a few things you didn't know you could do with WinFE that could be of interest. Since that might be the case, here is a quick guide on tips on using WinFE as well as tips for building with WinBuilder.
Users Guide to WinFE
For support on how to use WinBuilder (troubleshooting, advanced features), check out the WinBuilder website at http://reboot.pro.
To reiterate some points about WinFE (and to hopefully prevent 'hate mail' coming to me from commercial products...), WinFE is an addition to your forensic toolkit. It doesn't replace any tools, only supplements what you are using anyway. Commercial products that do the same thing that WinFE does work too, keep buying those if you want, you don't have to use WinFE. And for the Linux lovers out there (Hey, I'm one of you guys too!), there is time and place for everything, sometimes WinFE is best, another time CAINE or DEFT or ???*nix may be best.
As far as anyone making a profit out of WinFE, no need to ask, because no one is; it is a community project of customizing a Windows PE to fit your needs.
And yes, there are even some more neat things to be added to WinFE in the future...but as of now, you have access to a solid forensic environment.
For additional credits to this project;
Taking any tool or codes and using it for some other purposes is okey to the contributers of open-source free world.
Even no credits are required at all
At least above is my thoughts.
But I agree with ChrisR,
http://reboot.pro/13622/page__view__findpost__p__119415
it is truely a shame and very un-gentleman not giving and credits by only adding 1 script to "Win7PE SE" project ( http://reboot.pro/12427/ ) many people (Yahoouk , JFX, Altorian, ChrisR, RuiPaz.... including me) worked hard with many many contributers, and announcing it like a new project.
Credit to all who I know that contributed to both WinFE and the WinBuilder WinFE project (if I've missed anyone, I'm happy to add to the list):
Troy Larson, Senior Forensic Examiner of Microsoft, created the Windows Forensic Environment (WinFE) by making two subtle, yet significant, changes in the Windows Pre-installed Environment (WinPE) registry. Nuno Brito for developing the WinBuilder application for WinPE building. Chris Roules for developing the Win7PE build for Winbulder (along with several older administrators and Yahoouk JFX). And Royal Meirer for writing the script that implements Troy Larson’s registry modifications. A combination of outstanding individuals contributing to a superb method of building a WinFE.
WinFE existed with just the WinPE registry mods by Troy as a standalone utility and not built using WinBuilder; WinBuilder existed without anything related to WinFE as a standalone application; Win7PE existed because of WinBuilder as a project; all I did was ask if WinBuilder could build a WinFE....and Royal wrote a script that put all of the above together into a simple way to build a WinFE.
Please send me the names as they wish to be seen in credit for Win7PE so I can credit them in a posting, I'm not here to take away the spotlight from anyone, just trying to get a job done.
I'm agree with Lancelot.
Thank you for the credit and for clarifying things.
I think it's good to added Lancelot. He really provided a lot and hard work on different versions of Win7PE_SE since the beginning of this project.
I downloaded the WinFE Builder from the link provided, but the contents appear to be a standard WinPE builder. In particular, there is no option for installing FTK Imager and "WinFE" isn't mentioned anywhere.
-David
It is a standard WinPE builder (Win7PE) but has an additional script in the "tweaks" section that has the FTK imager option to select or deselect. There is no option to not choose the WinFE registry modification as that is hard coded in the script to prevent creating a Win"P"E when you wanted a Win"F"E. There is a coming update with some additional scripts to include a GUI for DiskPart and installation of other forensic programs during the build.
Practically, anyone can copy the WinFE script from this build and use it on a different build, but this particular WinBuilder was chosen and tested specifically with WinFE in mind, so for use in any other build, it will require more work and testing to make sure it works in different builds.
Please disregard my last message. I found the FE elements, it just didn't match the screenshots.
The FE script will be changing as things are added, but should always be in the 'tweaks' section. Colin Ramsden's DiskPart GUI will be the next addition along with a few other goodies.
Here is the issue...in all polite fairness to Microsoft, we (myself and the writers of Colin's app) asked for the blessing to freely release the app to the public. Although Colin's app does not make any persistent changes to the WinP/FE, nor violates the EULA, we think best to have Microsoft attorneys also agree to prevent any problems with its use in criminal/civil cases. Rather than be considered a 'hack' to WinFE, we believe it best to ensure that Colin's app, as an option to DiskPart, is not considered anything other than a GUI to DiskPart.
So, with that, we are waiting and gently prodding, for an answer from Microsoft. The second after hearing that they either don't care one way or the other, or that they have no issues with releasing it, the script will be made available for immediate use. Perhaps we should send Microsoft a bouquet of roses and a bottle of wine??
The app works well. Push button control of all drives and USB devices. Plus some other neat little addons too.
why not just provide the script for winFE tools. I have added so much to my PE disk and would like to just add that script in. can you provide this?
The script can be downloaded from Colin's site (address in the post) or from this blog from the Box.com widget (WP.script). You have to be aware that there are scripts that can access the hard drive even with the WinFE script, such as the MMC script.
Brett - tried to access the WinFE Builder at http://winbuilder.net/downloads/WinFE_Builder.zip but get a 404 non-existent link message. Did the builder location change recently, or am I just missing something obvious? Thanks.
I just removed that link as it was for an older winbuilder. Since Winbuilder is updated faster than I can keep up, it is better to download Winbuilder from http://www.reboot.pro and add the write protect script to your download. That ensures you get the latest build. So, no, you weren't missing anything, just a dead link (thanks!).
Hi Jason,
WinFE you refer is Win7PESE + Forensic plugin
You can download Win7PESE from its HomePage
http://w7pese.cwcodes.net/Compressed/
+
Add "Forensic plugin" from
http://www.ramsdens.org.uk/download.html
(at the bottom)
Here you can also find "WinFE Lite" which builds from waik source by using cmd batches.
@Brett Shaders:
Dropbox links I clicked on mainpage http://winfe.wordpress.com are also death..
And yes, since wb updated without backward compatibilities and causing death links and projects... nothing new
That is one of the reason we have solid links and forum elsewhere with project-compatible wb version inside zip distributions.
By accepting you will be accessing a service provided by a third-party external to https://brettshavers.com/
Be sure to check out my DFIR Training website for practically the best resources for all things Digital Forensics/Incident Response related.
© 2022 Brett Shavers