Take a gander at Misty's latest tests of WinFE/PE regarding RAM requirements and imaging speed...very nicely done with some impressive numbers.

http://mistype.reboot.pro/documents/WinPE.RAM/winpe.ram.usage.htm

On a different topic, some discussion on distribution licenses of WinFE has been going on at forensicfocus.com.  One of the takeaway points of the discussion is that you shouldn't be giving away or selling WinFE (or PE) ISO files....that will violate the Microsoft EULA.  Since WinFE is most typically used in legal cases, using a tool that you violated the EULA could cause serious issues with the evidence you collected.  So if you didn't build it, don't use it.  That is the very bad news.

The very good news is that you can make your own WinFE, free, in just a few minutes, without violating the EULA.

http://www.forensicfocus.com/Forums/viewtopic/t=11704/

I assume that one of the reasons Microsoft has such a restrictive EULA prohibiting distribution is so that the core files of WinPE (and FE) remain solid.  Downloading or using any 3rd party tool or something "a friend" sends you could contain anything hidden inside, like malware.  By using Microsoft's files, the odds are much lower that this will happen, meaning that when you build a WinFE, it is most malware free that can be expected.

After that discussion on forensicfocus slowed down, I had emails about WinFE regarding how to build it.  Not that I created the thing...but I will make a fairly detailed and easy to follow video on building a WinFE and everything you should know about it.  After all, if ever asked about your data collection tool, it's better to look like you know what you doing rather than say, "I downloaded this ISO file, booted the system and imaged with it, and don't really know much else about it."  Perhaps better to say, "I personally built and tested the imaging environment using industry best practices.  I used core files from the Microsoft company as allowed by its licensing agreement."

When the tutorial video is finished, I'll post the link.

 

 

 

An imaging tool (CloneDisk) development project for WinFE...very cool...keep up with the thread and give your suggestions at http://reboot.pro/topic/19765-suggestions-for-a-winfe-imaging-tool-based-on-clonedisk/

If you are interested in some behind-the-scenes efforts of developing WinFE, take a look at the www.reboot.pro forum threads.  And if you want to give input on what you would like WinFE to do...the reboot.pro forum would be a good place to submit a suggestion or lend a hand in development.

If for nothing but curiosity, you can follow along in watching the developers of the WinFE discuss how they are working toward making the lightest, fastest, full-featured, minimal builds, multi-boot, easy-to-use,  and cool forensic tool around.

I'll continue to post the latest links and download information on this blog, because I know that time is usually non-existent, deadlines are always minutes away, your laptop (while at the airport or onsite) has eight programs running while you are replying to ten emails, and you just need to know where to download that latest WinFE building information.  So, that will be here.  But for when you have time at the side of the pool, browse www.reboot.pro to watch these guys improve WinFE as it happens.