Category Archives: Uncategorized
Is WinFE still being used?
Yep! Not only is WinFE still a viable project, it is being taught in more places, more often, to more people. For example: The FAA: FAA78100041, (78100041) Creating a Windows FE DVD Search at the Child Abuse and Family Summit in … Continue reading
Posted in Uncategorized
Starting the last chapter!
Be sure to keep up on the progress of my second book (X-Ways Forensics Practitioner’s Guide) at https://xwaysforensics.wordpress.com/. Eric Zimmerman and I are on the last chapter! After the book is done, I have a few new things to test … Continue reading
WinFE and UEFI Secure Boot!
Don’t get excited, there isn’t a solution to Windows RT or Secure Boot and WinFE (yet!). But for those working on it, here are two links of interest that help explain a few of the technical details. http://www.uefi.org/learning_center/ The UEFI … Continue reading
Placing the Suspect Behind the Keyboard – NEW BOOK!
Gotta plug my book, especially since WinFE is in the book too. It was nearly a year in research and writing, with my sincere gratitude to those that helped tech edit, review, and help me get the book printed (each … Continue reading
3 Comments
CTIN 2013 Presentation
The WinFE presentation was given to a packed room in Seattle, Washington. For those that couldn’t make it, here is my PowerPoint. Great conference, great people, great time! CTIN 2013 Digital Forensics Conference WinFE Presentation: WinFE CTIN
1 Comment
WinFE Presentation in Seattle
For those in the Seattle area, I will be giving a presentation on Windows FE at the CTIN Digital Forensics Conference, March 13-15, 2013 (http://www.ctinconference.org). Lots of famous people there, like the guy that came up with WinFE (Troy Larson) … Continue reading
2012 in review
The WordPress.com stats helper monkeys prepared a 2012 annual report for this blog. Here’s an excerpt: 4,329 films were submitted to the 2012 Cannes Film Festival. This blog had 41,000 views in 2012. If each view were a film, this … Continue reading
1 Comment
Build questions
I’ve fielded a few questions via email on building a WinFE over the past few days that I’d like to share on the WinFE blog. Since Windows FE (Windows Forensic Environment, WinFE) is simply a Windows PE that doesn’t automount … Continue reading
2 Comments
WinFE updated
Colin Ramsden updated his write protect applications and WinFE Lite files. http://www.ramsdens.org.uk “WProtect application updated as a slight bug was preventing the user buttons from returning to ‘active’ under certain circumstances. The Download page has been updated. Full Package Zip … Continue reading
WinFE Presentation
I’ll be giving a presentation at the CTIN Conference in Seattle, March 2013 on forensic boot systems (Linux), with a strong emphasis on WinFE. I’ll be showing off Colin’s light WinFE, WinBuilder’s build, and Troy Larson’s original build. Hope to … Continue reading
Windows 8 and WinFE
Just when you thought WinFE development was done…. Troy Larson (developer of WinFE) has created a cmd script to create a WinFE from Windows 8 RTM. It is available for download in the Box.com widget to the right of this … Continue reading
Tagged computer, encrypted drives, ramsden, software, storage features, technology
Colin’s Final Version of his write protect application
This posting is copied from http://www.reboot.pro, posted by Colin Ramsden on his final version of the WinFE write protect tool. My thanks to Colin for his countless hours of work for which all of us will benefit. As to the … Continue reading
A little reminder about ‘write protection’
If you try hard enough, you can circumvent just about anything. That includes hard drive write protection, whether you are booting to a Linux forensic OS, WinFE, and sometimes, even when using a physical hardware write protection device. There have … Continue reading
“Remote” Collections with WinFE, a neat trick
In civil litigation, the procedures for data collection are a little more relaxed as compared to criminal investigations, but cost is a huge factor. Typically, criminal suspects lose custody of their seized systems and won’t necessarily cooperate with the seizure … Continue reading
6 Comments
How many users of WinFE?
I don’t believe there is any means of determining how many users of WinFE exist, but the stats of just this blog may be an indication. So why would this be important? For one, using any forensic utility that has … Continue reading
Tagged forensic community, forensic utility, statistical information, technology
WinFE “Lite”
Colin Ramsden has developed WinFE Lite, a build of WinFE that will run with a minimal amount of RAM (256MB). WinFE Lite is a very solid build and is detailed on Colin’s website (http://www.ramsdens.org.uk/). On his site, you will find … Continue reading
Winbuilder Tutorial
Check it out: http://reboot.pro/4111/. Perhaps the best and easiest tutorial I’ve seen on using Winbuilder. Just add the forensic write protect script and that’s it. You can customize as you see fit. Colin Ramsden is working on some really neat changes … Continue reading
1 Comment
For those that still haven’t tried WinFE….
If you still haven’t decided to download it and try it, here is a QuickStart Guide to show only what you need to get going.
3 Comments
WinFE Script Updated
Colin’s Write Protect Script (wp.script) is available, but still considered Beta (and as with any forensic utility, test – test – test). You can download today’s version here. wp.script. To make sure you get the most recent version after today, … Continue reading