The video provider corrected the course videos from being off-center this morning.  Thanks to  everyone letting me know about the problem.  I'm not surprised at how many viewers there are for the course as it shows how much WinFE is being used or at least how much it is known in the DF community.

Here is the Intro video, but you can watch the entire course at the course page  here: http://courses.dfironlinetraining.com/windows-forensic-environment

http://www.youtube.com/watch?v=npo-acVMU84

Ok, it took a while to get this done, mostly because of other projects.  But it is done.  I have videos of most build methods, tips and tricks, pro's and con's, and aspects of WinFE that you may find important.  I also included every bit of downloadable swag in the course too (batch files, wallpaper, scripts, etc...).

All in all, this is probably the best source of WinFE you will find.  I encourage you to share it and use it, after all, this is a free tool.  If anyone has suggestions on making the course better, let me know and I can try to squeeze in some improvements.

[caption id="attachment_1231" align="aligncenter" width="700"] http://courses.dfironlinetraining.com/windows-forensic-environment


 

On another note, I am also releasing the first of several X-Ways Forensics online courses on Monday, June 30, 2014.  

I'll send out a reminder on June 30 through twitter and the XWF blog.  The XWF online course is not free like the WinFE course, but it is also not expensive.  From Monday, the X-Ways course will be $195 but I will publish a discount code good for two weeks (through July 14) for 25% off.

The WinFE course was lots of work, but certainly worth the time to watch. The X-Ways course is something else entirely. The manner in which I made the X-Ways course is so that you can follow along with XWF in learning how to work a case with X-Ways Forensics.  The course describes the options and buttons in XWF, but also shows how to simply work a case.  There are literally so many features in X-Ways, that without training, you will be missing about 50% of what you should be doing.  I found that even the most current version of the X-Ways manual does not list features in XWF...lots of information to keep up with, tons of features to consider, easy to miss something that you should not miss for such a powerful forensic tool.

If you want to be notified of the coupon code, be sure to follow the X-Ways blog at http://xwaysforensics.wordpress.com/ or the twitter account at https://twitter.com/XWaysGuide.

As with everyone, when you think you have time and make plans, a dozen interruptions will delay even the most determined.  But, the WinFE online course is practically done except for:

1) latest build of Mini-WinFE being tested first to incorporate into the course (with UEFI support and a few other goodies)

2) reviewing the entire program (a volunteer is waiting for me to send him the link, after the Mini-WinFE testing is done..)

Not to say I got a little wild with this weekend project, but yeah, I got a little wild.  A short YouTube video intention evolved into a lot more.  In fact, every piece of downloadable WinFE related wallpaper, script, program, and links to anything I cannot personally distribute is in the program.

Until I push the button to release the course, it's vaporware, just like the write protect tool was vaporware before it was completed.  But the course sequence that is completed already is listed below.  If there is anything not listed that you have wondered about, speak up now or I will not know what may be missing.

I covered every major build method with videos (and downloadable guides when appropriate).

Introduction to the Course

WARNINGS!

I. Forensic Booting of Evidence Computers

II. Forensic Boot Operating Systems

Intro to Forensic Boot Systems

Linux Forensic Operating Systems

Windows Forensic Environment (Windows FE, WinFE)

III. WinFE Basics

Creation and development of WinFE

WinFE Write Protection Tool

Disk Management & DiskPart

WinFE and Your Forensic Software

IV. WinFE Validation

V. Building the Windows Forensic Environment

Building the Basic WinFE

Building WinFE with WinBuilder

Building WinFE Lite

Building Mini-WinFE

Building the Windows Triage Environment

Building a MultiBoot WinFE

VI. Using WinFE

Forensic Data Collection (file copying, disk imaging)

Triage and Preview

Remote Booting and Collections

Onsite Forensic Analysis

Covert Collections/Sneak and Peeks

WinFE as an Electronic Discovery Tool

WinFE and Disk Encryption

WinFE as an Educational OS

VII. Wrapping Up with WinFE

Summary

WinFE Qualification Exam