Brett's Ramblings

Talking about XWF in the CTIN Digital Forensics Conference
Brett Shavers
Speaking
XWF was presented in two sessions of the 2013 CTIN Digital Forensics Conference.  Pete Donnell of the Washington AG Office spoke on XWF Basics and I spoke on XWF Advanced Tips.  There was more than one person that decided to now use XWF as a bigger part of their forensic tools set.You can see the XWF Advanced slidedeck here:  XWF
CTIN 2013 Presentation
Brett Shavers
Digital Forensics
The WinFE presentation was given to a packed room in Seattle, Washington.  For those that couldn't make it, here is my PowerPoint.  Great conference, great people, great time!CTIN 2013 Digital Forensics Conference WinFE Presentation: WinFE CTIN
Chapter 3 is in tech review!
Brett Shavers
Digital Forensics
We just submitted our biggest chapter yet (over 60 pages!) to our technical editor. Once he is done with it, its off to the publisher!
X-Ways Forensics Install Manager
Brett Shavers
Digital Forensics
Licensed users of  X-Ways Forensics can download Eric Zimmerman's install manager (XWFIM) from the X-Ways Forensics support forum.   Eric's creation of a GUI install application for XWF is really neat, minimizes the effort to configure your installation, and makes updates simple and quick.  Thanks to Eric!
WinFE Presentation in Seattle
Brett Shavers
Digital Forensics
For those in the Seattle area, I will be giving a presentation on Windows FE at the CTIN Digital Forensics Conference, March 13-15, 2013 (http://www.ctinconference.org).  Lots of famous people there, like the guy that came up with WinFE (Troy Larson) who will be presenting on Windows 8 Forensics.  I'll be bringing the latest and greatest info on Wi...
2012 in review
Brett Shavers
Digital Forensics
The WordPress.com stats helper monkeys prepared a 2012 annual report for this blog.Here's an excerpt:4,329 films were submitted to the 2012 Cannes Film Festival. This blog had 41,000 views in 2012. If each view were a film, this blog would power 9 Film FestivalsClick here to see the complete report.
2012 in review
Brett Shavers
Digital Forensics
The WordPress.com stats helper monkeys prepared a 2012 annual report for this blog.Here's an excerpt:4,329 films were submitted to the 2012 Cannes Film Festival. This blog had 41,000 views in 2012. If each view were a film, this blog would power 9 Film FestivalsClick here to see the complete report.
Build questions
Brett Shavers
Digital Forensics
I've fielded a few questions via email on building a WinFE over the past few days that I'd like to share on the WinFE blog.Since Windows FE (Windows Forensic Environment, WinFE) is simply a Windows PE that doesn't automount hard drives, the build of a WinFE beyond that purpose is purely for customization and specific needs.   Those needs can be add...
WinFE updated
Brett Shavers
Digital Forensics
Colin Ramsden updated his write protect applications and WinFE Lite files. http://www.ramsdens.org.uk"WProtect application updated as a slight bug was preventing the user buttons from returning to 'active' under certain circumstances.The Download page has been updated.Full Package Zip (1.00, WProtect Application 1.0.0.155)WProtect Application (1.0....
WinFE Presentation
Brett Shavers
Speaking
I'll be giving a presentation at the CTIN Conference in Seattle, March 2013 on forensic boot systems (Linux), with a strong emphasis on WinFE.   I'll be showing off Colin's light WinFE, WinBuilder's build, and Troy Larson's original build.  Hope to see you there.
RAIDs & Virtual Machines
Brett Shavers
Digital Forensics
After a colleague posed a question about building VMs from RAIDs, I thought it might be a good topic for a post.  I won’t go into RAID basics, as you probably have a good grasp of that topic already if you’re visiting my site.  The RAID systems that I see most often are RAID 0s, insofar as the system disk is concerned.  We’re no...
Getting a Quick Look at Shadow Volumes
Brett Shavers
Digital Forensics
We’ve come to the point where we can conduct a rather complete exam of shadow volumes using dd and E01 image files.  Let’s say that we don’t need to do such a complete exam.  For example, we’re confident that one, particular folder may contain previous, unrecovered copies of a small number relevant files.  Maybe we’re looking for one...
Windows 8 and WinFE
Brett Shavers
Digital Forensics
Just when you thought WinFE development was done....Troy Larson (developer of WinFE) has created a cmd script to create a WinFE from Windows 8 RTM.  It is available for download in the Box.com widget to the right of this post, "Build_WindowsFE.cmd".From Troy,"Why use Windows 8 FE?It will provide access to Windows 8 features, such as StorageSpaces.I...
X-Ways Forensics Practitioner's Guide is coming!
Brett Shavers
Books
Eric Zimmerman and Brett Shavers have started writing the "X-Ways Forensics Practitioner's Guide", due out toward the end of year 2013.Check back as to when the guide will be available.   This guide intends to be the source of using X-Ways Forensics.
Colin's Final Version of his write protect application
Brett Shavers
Digital Forensics
This posting is copied from www.reboot.pro, posted by Colin Ramsden on his final version of the WinFE write protect tool.  My thanks to Colin for his countless hours of work for which all of us will benefit.As to the future development of WinFE, maybe this is it for some time to come.   Anyone can now build a Windows based, forensically sound boota...