Brett's Ramblings

More on Autopsy and WinFE
Brett Shavers
Digital Forensics
I was right.  This is cool. Using Autopsy on WinFE Lite worked as expected; however, I wanted to test it with a WinBuilder build of WinFE to address limitations found on WinFE Lite (notably, the inability to view videos or inside zip files). In short, the WinBuilder build allowed viewing of videos and accessing zip files with Autopsy.  Th...
Another Discount on the XWF Guide at $37.96
Brett Shavers
Digital Forensics
Amazon reduced the price, grab it while you can before it goes up (again).  
C4All X-tension update
Brett Shavers
Digital Forensics
Update November 14, 2014 Download link to version 3.6.2.d https://www.dropbox.com/s/zewn7myskf...6.2.d.zip?dl=0 This update changes the way the video stills are treated when extracting movies. -now video stills are extracted if the parent movie is extracted, regardless of whether the video still has been type verified. ...
Barely any updates to WinFE :(
Brett Shavers
Digital Forensics
Unfortunately there are so few updates nowadays to WinFE, that this blog is woefully neglected... On a positive note, since WinFE practically needs no updates, there is hardly a need to keep up on WinFE once you have mastered building it. The best and most current source of all-things-WinFE is from a free online course at http://courses.dfironli...
Updates to X-tension and Hash File Manipulator
Brett Shavers
Digital Forensics
Hashbrown program 64 bit version only http://1drv.ms/1tLsNnG updated October 10 2014 instructions http://1drv.ms/XNdgeJ-New Version that handles many duplicates and many unsorted more efficiently posted. X-tension Update October 19 2014 download link to version 3.6.2.c http://1drv.ms...
Image a Surface Pro using bootable UEFI WinFE
Brett Shavers
Digital Forensics
Cool WinFE work done by Jeffrey A. Cunningham, Sr Digital Forensic Examiner, US Army (ChiefCham), on imaging a Surface Pro using a bootable UEFI WinFE. It is certainly neat to see this type of testing and research done on ANY forensic tool where the results can be shared with everyone. Thanks ChiefCham! Image a Surface Pro using bootable U...
Workarounds to Workarounds (and some hints & reminders)
Brett Shavers
Digital Forensics
Every now and then, I get email from readers who have difficulties, and some areas come up more often.  I also learn a few things as time goes by, and I gain some valuable pointers from colleagues who share my interests.  Therefore, I want to update or amend a few procedures as well as review some of the more basic steps that folks may ov...
USB Malware and WinFE
Brett Shavers
Digital Forensics
The recent release of USB malware, in which any USB device is suspect of being infected after plugging into an unknown-if-clean machine, makes a problem for bootable USB devices in forensic collection.  Some of the very scary claims to the USB malware are (http://news.discovery.com/tech/gear-and-gadgets/warning-usb-malware-code-unleashed-14100...
New version of X-Tension
Brett Shavers
Digital Forensics
New version of X-Tension 3.6.2.a http://1drv.ms/1rrCJ7s Changes -adds the functionality to create a picture/video library. -adds the ability to extract pictures or movies that are type status of 'not confirmed' (this was added as there are so many variations of avi formats, that even some valid working movies were not 'confirmed') If the user does n...
XWF II and III...
Brett Shavers
Digital Forensics
...are a little late coming out due to an emergency...but will be published soon. Sorry for the delay.
Forensic Training with WinFE. Cool.
Brett Shavers
Digital Forensics
Although, the WinFE module is like, last in the course...But, it's there!
C4All X-Tension for CETS users
Brett Shavers
Digital Forensics
Re-posted with permission (more info at: http://www.forensicfocus.com/Forums/viewtopic/t=11868/): C4All X-Tension for CETS users This is the same as version 3.5.12.k except adds the function to create a CETS manifest XML needed for those using CETS. Arnold will post information for CETS users regarding changes needed to properly use the X-Tension. C...
WinFE Taught in Australia
Brett Shavers
Digital Forensics
Neat to see WinFE being taught everywhere, as in, everywhere by many. Wish I could have been there for this presentation (mostly because I'd have to be in Australia to see it...).
BlockHasher for XWF
Brett Shavers
Digital Forensics
Yet another cool XWF utility! BlockHasher http://d-forensik.de/download/ http://d-forensik.de/download/?did=14 BlockHasher helps you create Block-HashSets for X-Ways Forensics - Select Directory, directory-mode is automatically activated - ...
X-Ways MD5 Hash Manipulator
Brett Shavers
Digital Forensics
Another cool utility for X-Ways! X-Ways MD5 Hash Manipulator: A program to manipulate your Hash sets from X-Ways. It will allow you to Add hashes, Remove hashes, Compare hashes and remove the duplicates, create hash set of excluded files, and be in the proper format to quickly import t...