Menu
  • Home
  • Brett's Blog
  • My Books
  • Courses
  • About Me
  • Contact
  • Home
  • Brett's Blog
  • My Books
  • Courses
  • About Me
  • Contact

Brett Shavers | Ramblings

Brett's Ramblings

Subscribe to blog
Unsubscribe from blog
Settings
Sign In
If you are new here, Register
  • Forget Username
  • Reset Password
Font size: + –
Subscribe to this blog post Unsubscribe
Report
Print
2 minutes reading time (337 words)

"Based upon the test results it is possible to run all versions of WinPE on a system with only 128 MB of system RAM"

Digital Forensics
Brett Shavers
Friday, 09 May 2014
2813 Hits
2 Comments

winpeTake a gander at Misty's latest tests of WinFE/PE regarding RAM requirements and imaging speed...very nicely done with some impressive numbers.

http://mistype.reboot.pro/documents/WinPE.RAM/winpe.ram.usage.htm

On a different topic, some discussion on distribution licenses of WinFE has been going on at forensicfocus.com.  One of the takeaway points of the discussion is that you shouldn't be giving away or selling WinFE (or PE) ISO files....that will violate the Microsoft EULA.  Since WinFE is most typically used in legal cases, using a tool that you violated the EULA could cause serious issues with the evidence you collected.  So if you didn't build it, don't use it.  That is the very bad news.

The very good news is that you can make your own WinFE, free, in just a few minutes, without violating the EULA.

http://www.forensicfocus.com/Forums/viewtopic/t=11704/

I assume that one of the reasons Microsoft has such a restrictive EULA prohibiting distribution is so that the core files of WinPE (and FE) remain solid.  Downloading or using any 3rd party tool or something "a friend" sends you could contain anything hidden inside, like malware.  By using Microsoft's files, the odds are much lower that this will happen, meaning that when you build a WinFE, it is most malware free that can be expected.

After that discussion on forensicfocus slowed down, I had emails about WinFE regarding how to build it.  Not that I created the thing...but I will make a fairly detailed and easy to follow video on building a WinFE and everything you should know about it.  After all, if ever asked about your data collection tool, it's better to look like you know what you doing rather than say, "I downloaded this ISO file, booted the system and imaged with it, and don't really know much else about it."  Perhaps better to say, "I personally built and tested the imaging environment using industry best practices.  I used core files from the Microsoft company as allowed by its licensing agreement."

When the tutorial video is finished, I'll post the link.

 

 

 

Tweet
Share on Pinterest
0
Tags:
winfe
Coming Soon, Online WinFE Training Program
Suggestions for a WinFE Imaging Tool Based on Clon...

About the author

Brett Shavers

Brett Shavers

 

Comments 2

Guest
Guest - guest on Thursday, 22 May 2014 01:46

Hi. Any updates on the video you said?..

0 Cancel Reply
Hi. Any updates on the video you said?..
Cancel Update Comment
Guest
Guest - Brett Shavers on Saturday, 24 May 2014 13:29

A few things came up...but getting it finalized now. It's actually more than a video. I'm putting together an entire course with multiple narrated videos of different build methods, how to use WinFE in different situations, customizing the build, testing and validating, and a about a half dozen other subjects. Basically, it will be everything you will ever need to know about WinFE, from inception to courtroom.

0 Cancel Reply
A few things came up...but getting it finalized now. It's actually more than a video. I'm putting together an entire course with multiple narrated videos of different build methods, how to use WinFE in different situations, customizing the build, testing and validating, and a about a half dozen other subjects. Basically, it will be everything you will ever need to know about WinFE, from inception to courtroom.
Cancel Update Comment
Guest
Monday, 30 January 2023

Captcha Image

By accepting you will be accessing a service provided by a third-party external to https://www.brettshavers.com/

direct link

DFIR Training

Be sure to check out my DFIR Training website for practically the best resources for all things Digital Forensics/Incident Response related.


Brett's blog

© 2023 Brett Shavers