Menu
  • Home
  • Brett's Blog
  • My Books
  • Courses
  • About Me
  • Contact
  • Home
  • Brett's Blog
  • My Books
  • Courses
  • About Me
  • Contact

Brett Shavers | Ramblings

Brett's Ramblings

Subscribe to blog
Unsubscribe from blog
Settings
Sign In
If you are new here, Register
  • Forget Username
  • Reset Password
Font size: + –
Subscribe to this blog post Unsubscribe
Report
Print
1 minute reading time (22 words)

WinFE has some street cred with the Scientific Working Group on Digital Evidence

Digital Forensics
Brett Shavers
Wednesday, 19 February 2014
1847 Hits
2 Comments

Cool.  WinFE is mentioned in a Scientific Working Group on Digital Evidence document.

SWGDE UEFI and its Effect on Digital Forensics Imaging
 
swgdehttps://www.swgde.org/documents/Current%20Documents/2014-02-06%20SWGDE%20UEFI%20Effect%20on%20Digital%20Imaging%20V1
Tweet
Share on Pinterest
0
Hacking Exposed - Daily Blog #242, How to build Wi...
No surprise. XWF does something other tools don't

About the author

Brett Shavers

Brett Shavers

 

Comments 2

Guest
Guest - marc on Thursday, 20 February 2014 02:17

well, not exactly IMHO - it is only mentioned as a tool for "Booting from forensic distribution media (e.g., Raptor, Windows FE) [...]". But when it comes to a recommendation, the text only mentions Windows PE in section 5 ("Boot to a UEFI compatible boot environment, which MAY include: *Windows PE *Windows To Go"). While possibly just a mistyping it gives some dubious impression.

0 Cancel Reply
well, not exactly IMHO - it is only mentioned as a tool for "Booting from forensic distribution media (e.g., Raptor, Windows FE) [...]". But when it comes to a recommendation, the text only mentions Windows PE in section 5 ("Boot to a UEFI compatible boot environment, which MAY include: *Windows PE *Windows To Go"). While possibly just a mistyping it gives some dubious impression.
Cancel Update Comment
Guest
Guest - Brett Shavers on Thursday, 20 February 2014 02:31

Yes, not detailed in the doc, but between emails about WinFE when the doc was being written, it's one of the boot methods recommended. The point mainly being to give credibility to a forensic tool as valid (along with the other tools mentioned in the paper as well). I mention the paper only because I still get emails arguing WinFE not being an effective and 'accepted' method (I'm not sure why I get asked since I didn't create WinFE...).

0 Cancel Reply
Yes, not detailed in the doc, but between emails about WinFE when the doc was being written, it's one of the boot methods recommended. The point mainly being to give credibility to a forensic tool as valid (along with the other tools mentioned in the paper as well). I mention the paper only because I still get emails arguing WinFE not being an effective and 'accepted' method (I'm not sure why I get asked since I didn't create WinFE...).
Cancel Update Comment
Guest
Monday, 30 January 2023

Captcha Image

By accepting you will be accessing a service provided by a third-party external to https://www.brettshavers.com/

direct link

DFIR Training

Be sure to check out my DFIR Training website for practically the best resources for all things Digital Forensics/Incident Response related.

Brett's blog

© 2023 Brett Shavers