fourth edition

Windows Forensic Analysis, Fourth Edition

I’ll wait to give an “official” review of Harlan’s book (Windows Forensic Analysis Toolkit, Fourth Edition: Advanced Analysis Techniques for Windows 8) only to give others the chance to read it once it becomes available.  But…I’ll say that based on my early reading as a tech editor, this is a book that ranks for me…

CyberCrime 2013 Symposium

I’m heading to New Hampshire (first time there) to present on Placing the Suspect Behind the Keyboard. Sounds like a pretty good conference and certainly could not be any further for me to travel in the entire country. Literally, from one end to the other. Looking forward to the conference, come say hello if…

Mini-WinFE

This is Project 1 of 3 for alternative WinFE builds. The two other projects are forthcoming, with the primary difference being that you can choose which method you prefer. This build is tentatively called “Mini – WinFE” because it is a super quick method to build a WinFE with minimal features. Primarily, it is…

Temporary 40% discount on a book I wrote

The X-Ways Practitioner Guide I wrote with Eric Zimmerman was just given a 40% discount from the publisher.   I am posting the information on the WinFE site mainly because X-Ways is the best forensic app that runs in WinFE, fully, without issues.   In the book, I give a few examples of using WinFE with XWF…

Making the build even easier

There are a few WinFE builders creating a standalone, push button build for WinFE based on WinBuilder. It will be set for defaults selected for forensic soundness and include only what is needed for WinFE. The goal is about as close to a ‘one-button build’ as possible. All you will need is your…

Is WinFE still being used?

Yep!  Not only is WinFE still a viable project, it is being taught in more places, more often, to more people.  For example: The FAA: FAA78100041, (78100041) Creating a Windows FE DVD Search at the Child Abuse and Family Summit in Oregon. HTCIA at a training session in Washington (state). Another HTCIA here (with instructions to…

WinFE and UEFI Secure Boot!

Don’t get excited, there isn’t a solution to Windows RT or Secure Boot and WinFE (yet!).  But for those working on it, here are two links of interest that help explain a few of the technical details.  http://www.uefi.org/learning_center/ The UEFI secure boot specification is owned by the UEFI consortium, not Microsoft, so the consortium documentation…

CTIN 2013 Presentation

The WinFE presentation was given to a packed room in Seattle, Washington.  For those that couldn’t make it, here is my PowerPoint.  Great conference, great people, great time! CTIN 2013 Digital Forensics Conference WinFE Presentation: WinFE CTIN

2012 in review

The WordPress.com stats helper monkeys prepared a 2012 annual report for this blog. Here’s an excerpt: 4,329 films were submitted to the 2012 Cannes Film Festival. This blog had 41,000 views in 2012. If each view were a film, this blog would power 9 Film Festivals.
