Brett Shavers | Ramblings

Integrated Scripts to WinFE

Digital Forensics
Brett Shavers
Wednesday, 11 December 2013

There is some behind-the-scenes work under way on creating scripts to integrate forensic applications into WinFE. This is substantial work for WinFE users, as it reduces the effort needed to add programs during the build process. Basically, it is a one-button approach to adding a forensic application.

But, before you wait for these scripts to be written, remember that you can add many programs without a script or additional work if the program is already portable (meaning, no need to install for it to run).  The best example of a full-fledged forensic suite is X-Ways Forensics.  Many small forensic applications are also portable and easily copied into a WinFE build.  The difference is, X-Ways Forensics is an entire forensic suite, not just one app.

Some forensic apps being worked on now for inclusion in WinFE may not be full forensic suites, but each has a single powerful function that makes it worthwhile. I won't break the news yet and will let the vendors have first crack.

On another note, last week I helped an LE forensics detective set up a review platform with WinFE for other detectives in his department using X-Ways Investigator.

The problem:

--Detectives assigned to cases with electronic evidence, particularly illicit images evidence, wanted to do light review work for their cases.

--Reviewing any type of illicit images on a work machine only leads to that machine getting dirtied up.  Also, every detective had 'their own way' of setting up their computers.

--Detectives had no forensic training.

The solution:

--WinFE and X-Ways fixed both problems.

--Department purchased two licenses of X-Ways Investigator.

--A WinFE boot CD was made with X-Ways Investigator copied onto it.

--Detectives now boot their machine to WinFE, run X-Ways Investigator, and access the forensic images from an external drive.  All work is saved onto the external drive and their workstation remains clean.

--This also kept the city's IT staff from panicking over the installation of 'unauthorized' software.

--And of course, a copy of the X-Ways Forensics Practitioner's Guide was ordered for the detectives to use :)


Comments 2

Guest - Howard Patterson on Wednesday, 11 December 2013 11:01

Cool solution. Are the detectives accessing the evidence drive locally? Or via network?

Guest - Brett Shavers on Wednesday, 11 December 2013 14:08

From external drives with a copy of an image. I personally don't like those kinds of cases on a network for a local PD. The feds have better systems that I've seen to store those kinds of cases on the network.
