Menu
  • Home
  • My Books
  • Courses
  • My Events
  • About Me
  • Contact
  • Home
  • My Books
  • Courses
  • My Events
  • About Me
  • Contact

Brett's Ramblings

Subscribe to blog
Unsubscribe from blog
Settings
Sign In
If you are new here, Register
  • Forget Username
  • Reset Password
Font size: + –
Subscribe to this blog post Unsubscribe
Print
2 minutes reading time (369 words)

Ye ol’ Windows FE

Digital Forensics
Brett Shavers
Monday, 31 October 2016
3980 Hits
0 Comments

Not to get into the long history of WinFE, but rather focus on the course I created about 2 years ago…it’s time for an update to the course.  There have been almost 5,000 people that signed up for the online WinFE course since 2014.  WinFE has been taught everywhere since its inception, from colleges to federal forensic courses to everything in between.  

Technology changes and with that, WinFE needs to be updated along with a second related topic to be included in the course.  In the next few weeks, I am updating the WinFE course and adding Linux distros to the mix (only the most current Linux forensic distros, not the outdated and non-maintained systems).  The new course is tentatively titled,

"Bootable Forensic Operating Systems"

or something to that affect of having both Windows and Linux forensic boot systems.

The intention of this new course is the same as the previous course: Give forensic analysts additional options in collection, preview/triage, and analysis.

On a side note, I have had about a dozen or so emails about WinFE telling me that;

  1. You have to use a write-blocker

  2. You can’t trust bootable media to be forensically sound

  3. No one does it this way anymore

  4. Today’s computers don’t allow booting to external media

Each time, I have said, “You’re right.  Feel free to use what you want.”  I really don’t see a need to argue with anyone set in his or her ways in the DFIR field.  My opinion is simply that if something works, use it.  If something doesn’t work, don’t use it.  This applies to WinFE, a Linux forensic boot disc, or a write blocker as much as it applies to X-Ways, EnCase, or FTK.

Seriously, if WinFE works for you in a given situation, and you have a choice, feel free to use it.  It’s been battle-proven more than enough.  Same with the Linux distros. If you like it, and it works, and it fits to your needs, why not use it.

With that, I still believe forensically sound bootable media still has its place in the forensic world.  The upcoming course will talk all about it, including building a WinFE and perhaps even putting together your own Linux distro.

Tweet
Tags:
winfe Windows Forensic Environment
Jimmy Weg's blog archive
X-Ways Forensics Sucks….

About the author

Brett Shavers

Brett Shavers

 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Wednesday, 12 December 2018
If you'd like to register, please fill in the username, password and name fields.

Captcha Image

Search Blog

Categories

Digital Forensics
  Subscribe via RSS
Books
  Subscribe via RSS
Privacy
  Subscribe via RSS
JustAskWeg
  Subscribe via RSS
Speaking
  Subscribe via RSS
Bitcoin Forensics
  Subscribe via RSS

Posts List

Tag Cloud

Hiding Behind the Keyboard X-Ways Forensics Windows Forensic Environment wiretap RegRipper dfir bitcoin windows forensic environment X-Ways Forensics Practitioner's Guide writing investigations Hacker forensics phishing Bitcoin Forensics Volume Shadow Copy book Virtualization privacy case studies Placing the Suspect Behind the Keyboard 4cast investigation University of Washington North korea Jimmy Weg tor browser training gmail windows fe imaging email winfe bitcoin forensics Registry Forensics surveillance

Upcoming Events

There are no up-coming events

DFIR Training

Be sure to check out my DFIR Training website for practically the best resources for all things Digital Forensics/Incident Response related.

Even better, support DFIR Training at Patreon and get access to multiple online courses in digital forensics with included ebooks!

http://www.patreon.com/DFIRTraining 

© 2018 Brett Shavers