Brett's Ramblings

WinFE as a Student Training Aid
Brett Shavers
Digital Forensics
And yet another use for WinFE. This year, at the University of Washington's Digital Forensics Certificate Program, I am having each student create their own Windows Forensic Environment with as many forensic applications as we can fit on a USB drive. This fulfills several objectives that any school or training program can incorporate at virt...
WinBuilder-What a neat way to make a WinFE CD
Brett Shavers
Digital Forensics
I came across WinBuilder today (http://www.boot-land.net/), which provides downloads of a GUI-based Windows Live CD builder. I'm willing to try anything, so I gave it a whirl and was happy I did. With WinBuilder, many of the functions of Windows that are not in the basic WinFE builds are included. This includes the Windows "Start" butto...
Follow up: Windows FE and Live Forensic Triage
Brett Shavers
Digital Forensics
For anyone who missed this WinFE webinar - "https://www2.gotomeeting.com/register/892321554" ... I did view it today. The WinFE discussion started about 30 minutes into the webinar and lasted only about 10 minutes. Fortunately, there was a question/answer session after the presentation for about 10 minutes. However, the only...
WinFE Wish List
Brett Shavers
Digital Forensics
Troy Larson and Colin Ramsden are working on making some changes and adding features of interest to Windows FE. If you have any ideas as to what you'd like to see, please post them in the forum. Some of the features of interest are BitLocker support and VSS support. Feel free to shoot your requests here since you have the best hands on WinFE looking...
Create your own WinFE ISO, for free, in just a few minutes
Brett Shavers
Digital Forensics
The below video shows how simply and quickly you can create a WinFE ISO. As you'll see in the video, all you need to do is...
1) Install Windows AIK
2) Download the WinFE batch files
3) Run "createfolders.bat"
4) Copy your forensic tools into a folder
5) Run "createwinfe.bat"
6) Burn your CD with the created ISO
[youtube=http://www.youtube.com/watch?v=VUw...
Gargoyle and Windows Forensic Environment
Brett Shavers
Digital Forensics
It is great to see that the Windows Forensic Environment is being used as an accepted forensic platform by software manufacturers, such as F-Response (blogged about running F-Response on WinFE) and WetStone. WetStone has a version of their malware software available on the WinFE system (although WetStone calls it the Windows Forens...
WinFE Teaser Screenshots
Brett Shavers
Digital Forensics
Colin Ramsden has been working feverishly on some modifications to WinFE that will appeal to everyone. For some teaser screenshots, take a look here. BitLocker support, installing drivers while already booted to WinFE, clean shutdown that ejects the CD, and an easy to use Disk Management Console. Believe it or no...
New Site and Updates
Brett Shavers
Digital Forensics
As you can see, the WinFE site has been migrated to WordPress. This format allows me a little more freedom than Blogger as well as less time maintaining a website. This site and work is free...be patient ;) You can now find the batch files accessed through direct downloads. I am more than happy to put up additional work or correcti...
Current and Future Development of Windows FE
Brett Shavers
Digital Forensics
The WinFE journey… From Troy Larson’s first vision of the Windows Forensic Environment to the improvements currently being made, WinFE is set to become one of the best forensic boot disks/USBs available. The process of creating it has been simplified greatly by Björn Ganster’s automated batch files (my initial batch files were elementary com...
Internet Evidence Finder (IEF): interview with Jad Saliba of JADSoftware.com
Brett Shavers
Digital Forensics
Jad Saliba, developer of the Internet Evidence Finder (IEF) and other neat software, was interviewed recently and mentioned that he has plans to make IEF run portable on WinFE. If you haven't purchased a copy of IEF (free to LE), take a look at it. This would be a fantastic triage-type application on WinFE as it searches for chat, email ...
More Windows FE and triage notes (WindowsRipper?)
Brett Shavers
Digital Forensics
Matt Churchill (http://mattchurchill.net/2010/06/windowsripper/) has been doing some work to supercharge RegRipper. Take a look at his video and, while watching, consider how this can affect your method to triage a computer when booted to WinFE...
[youtube=http://www.youtube.com/watch?v=r4nBUXYGkBw&hl=en_US&fs=1&border=1]
Windows FE and Triage webinar
Brett Shavers
Digital Forensics
This should be a neat webinar on Windows FE and Triage. https://www2.gotomeeting.com/register/892321554 Check the "Using WinFE" page for tips on using WinFE for not only triage/preview, but other ways to use the tool. Until I hear otherwise, I have found that X-Ways Forensics is the most complete forensic tool that can run on the Windows Forens...