Windows Forensic Environment

Skip to content

Home
About
Batch Files
Downloads
Using WinFE
BIOS Keys
Links
“Other” Forensic Boot Options
Contact

About

The “Windows Forensic Environment” (aka WinFE or Windows FE) is the creation of Troy Larson (Microsoft). It is an operating system environment based from Microsoft PE (Preinstalled Environment), modified for forensic use.

WinFE forensically boots computers much like the various Linux forensics disks, however, WinFE is “Windows”, not Linux, thereby allowing the examiner to use Windows based forensic applications to image or examine suspect/custodian machines in a forensically sound environment.

Many of the improvements of WinFE have come from users. For a detailed write up (already outdated by many of the improvements submitted), click here: WinFE.

Brett Shavers

Share this:

Facebook
Twitter
Reddit
StumbleUpon
Email
Digg
Print

Like this:

Be the first to like this page.

Login
Follow Blog via Email

Enter your email address to follow this blog and receive notifications of new posts by email.

Join 64 other followers
Recent Comments

NV on For those that still haven…
Jeff Ellis on Colin’s Write Protect…
Brett Shavers on Colin Ramsden’s Wor…
SANS
Windows Incident Response
RegRipper
Computer Forensics and IR
Grand Stream Dreams
Blog Stats
- 91,372 hits

Windows Forensic Environment

Theme: Twenty Ten Blog at WordPress.com.

Follow

Follow “Windows Forensic Environment”

Get every new post delivered to your Inbox.

Join 64 other followers

Powered by WordPress.com

Send to Email Address Your Name Your Email Address

Cancel

Post was not sent - check your email addresses!

Email check failed, please try again

Sorry, your blog cannot share posts by email.