Brett's Ramblings

Font size: +
2 minutes reading time (351 words)

Current and Future Development of Windows FE

The WinFE journey…

From Troy Larson’s first vision of the Windows Forensic Environment to the improvements currently being made, WinFE is set to become one of the best forensic boot disks/USBs available.

The ease to which it can be created has been simplified greatly by Björn Ganster’s automated batch files (my initial batch files were elementary compared to Björn’s improvements).  Colin Ramsden is working some aspects of WinFE that really are impressive, such as GUI’s for WinFE, installing hasps drivers, mapping network drives, Apple HFS+ drivers, other program installations help, etc…   Jad Saliba of JadSoftware has plans to work on making IEF run in the WinFE environment.  Add these to Matt Churchhill’s version “WindowsRipper” modified from Harlan Carvey’s  “RegRipper” and you are set to add such a triage functionality to WinFE, that given 20 minutes in front of a computer, you may be able to get everything you need from the machine.  You can either determine if the computer is worth seizing at all, or in the case of a (legal!) snatch and grab op, grab only the data of importance from a host computer without the (criminal/terrorist) user ever knowing their computer was touched.

It is incredible what a group of contributors can have on a project that benefits the community. If you haven't gotten access to the shared folder, you can use this link to sign up for DropBox and I'll share the folder with you.  If you have already gotten a DropBox account, send me an email so I can share the folder with your current login.  I'd make the folder public, but would rather have at least one step to get to it rather than it open to the world so easily.  The neat thing about the shared folder, is that when someone puts in an updated batch file, you have access to it immediately.

For anyone waiting for WinFE to be available for one single and complete won't happen.  There are some MS licensing issues that prevent that, so sit down for a bit, take a look at how to make one, and get started!  You won't regret it.
Stay Informed

When you subscribe to the blog, we will send you an e-mail when there are new updates on the site so you wouldn't miss them.

New Site and Updates
Internet Evidence Finder (IEF): interview with Jad...