This is Project 1 of 3 for alternative WinFE builds. The two other projects are forthcoming; the primary difference between them is the build method, so you can choose the one you prefer.
This build is tentatively called “Mini – WinFE” because it is a super quick method to build a WinFE with minimal features. Primarily, it is an acquisition boot disc with the FAU utilities and FTK Imager available for you to add (no cost for these apps online). It is also set up for X-Ways Forensics (of course I want X-Ways on it…) if you have XWF. You will notice that there is not an option to select the Write Protection app (by Colin Ramsden) to make this a WinFE. That is because you don’t have a choice. This project only builds a WinFE and not a PE, eliminating any mistake in your build. It’d be a ‘bad thing’ to think you were using WinFE when you actually missed a step and were using a “P”E.
From start to finish, you can have your WinFE.iso completed in about 3 or 4 minutes. From there, you can either put the ISO on a CD or USB. Creating a bootable USB or CD adds about 5 minutes. So, in less than 10 minutes, you have your very own WinFE bootable CD/USB.
Although this is ‘beta’, it is beta only because we’d like to get it tested a little more by others. We’ve beat it up a bit without problems. After a few beta volunteers get done testing it, this WinFE will be released to everyone at reboot.pro (will remain free forever). Then off to the other two WinFE build projects. By the way, I am only a conduit of these builds as others (to be credited) are actually doing all the heavy lifting. For this project, “Misty” from reboot.pro put it all together. Nicely done.
Personally, this is a build method I really like because it is fast to build, fast to boot, and fast to run. It does not have all the bells and whistles of a more full-featured WinFE build, but if you just need an imaging disk, this is a great way to go.
Contact me if you want to be a beta tester and I’ll send the login creds to download the project.
And really, if you haven’t built a WinFE yet, it doesn’t get much easier than this, or faster. If you teach how to build a WinFE in training, everything you did before has just been negated with this build method insofar as time involved to teach and use. In less than 10 minutes, your class has a bootable forensic operating system. How cool is that?
So how easy is it? Take a look below.
- Point to your Windows source
- Few options = no mistakes.
- Point to the FTK Imager.exe on your drive (download and install from AccessData)
- Point to your XWF.exe if you have XWF. Otherwise, uncheck the box.
- Push the blue arrow. Don’t go anywhere, it’ll only take a few minutes.
Bootable USB Media
You can either use the command line with Diskpart or a GUI app like Rufus (http://rufus.akeo.ie/). The instructions for Rufus are simple: look at the GUI, choose the options you need and select Start.
Using the command line requires a few more instructions, as seen below. Both methods work.
- Want to make a bootable USB? Open a command prompt. Type diskpart.
- Run the above commands against your USB. Be careful and make sure you choose your USB. Disconnect extra drives to be sure.
- Copy/extract the files from your WinFE.iso to your USB. You can use WinRAR and just extract to the USB. End result = DONE. You now have a bootable USB.
- Boot screen for WinFE (source was Windows 8 for this example)
- You get a friendly reminder to be careful with ALL forensic boot discs. You also get Colin Ramsden’s most excellent write protection application. Very cool, thanks Colin.
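
For the Diskpart route in the USB steps above, here is an added example that is not part of the original post: a typical Diskpart sequence for a bootable USB, wrapped in a PowerShell check that refuses to touch anything other than a non-system USB disk. The disk number parameter, the FAT32 choice, the `WINFE` label and the temp file name are assumptions made for illustration.

```powershell
#Requires -RunAsAdministrator
# Added example: prepare a USB stick for the extracted WinFE.iso files.
# Assumption: the operator reviewed Get-Disk output and passes the USB's number.
param(
    [Parameter(Mandatory)] [int] $DiskNumber
)

$disk = Get-Disk -Number $DiskNumber -ErrorAction Stop

# Guard against the mistake the post warns about: wiping the wrong drive.
if ($disk.BusType -ne 'USB') {
    throw "Disk $DiskNumber is on bus '$($disk.BusType)', not USB. Aborting."
}
if ($disk.IsBoot -or $disk.IsSystem) {
    throw "Disk $DiskNumber is a boot or system disk. Aborting."
}

# Show exactly which device is about to be erased and ask for confirmation.
$disk | Format-List Number, FriendlyName, SerialNumber, BusType, Size
if ((Read-Host "Type ERASE to wipe disk $DiskNumber") -cne 'ERASE') {
    throw 'Cancelled by operator.'
}

# Typical Diskpart sequence for a bootable USB (assumed, not from the post).
# FAT32 formatting assumes a stick of 32 GB or less; label is illustrative.
$diskpartScript = @"
select disk $DiskNumber
clean
create partition primary
select partition 1
active
format fs=fat32 quick label=WINFE
assign
exit
"@

# Diskpart reads its commands from a plain-text script file via /s.
$scriptPath = Join-Path $env:TEMP 'winfe-usb.txt'
Set-Content -Path $scriptPath -Value $diskpartScript -Encoding ASCII
diskpart /s $scriptPath
if ($LASTEXITCODE -ne 0) { throw "diskpart failed with exit code $LASTEXITCODE." }

# The new volume now has a drive letter; extract the WinFE.iso contents to it.
Get-Partition -DiskNumber $DiskNumber | Get-Volume |
    Format-Table DriveLetter, FileSystemLabel, FileSystem, Size
```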