The following batch file, “settings.bat”, holds the settings used to create your WinFE ISO.
—————————————————————————
rem You may want or need to adjust these paths
set WinFEinputPath="C:\WinFEFILES"
set WinFEoutputPath="c:\WinFE"
set AIKpath="c:\program files\windows aik"
rem Use the second command if you want WinFE to clear the screen after some steps
set CLS=rem
rem set CLS=CLS
rem Use the second command if you want the user to press enter after every step
rem set PAUSE=rem
set PAUSE=pause
rem set pause=timeout /t 30
set COPYCMD=xcopy
=====================================
The following batch file, “clean.bat”, will ensure your directories are free for use, in effect deleting previous builds.
——————————————————————————
@echo off
call settings
echo Warning! You are about to delete the following directories:
rd /s %WinFEinputPath%
rd /s %WinFEoutputPath%
pause
=================================
The following batch file, “createfolders.bat”, will create the folders that the batch files work from.
——————————————————————————
@echo off
rem cls
call settings
REM This batch file will create a directory structure from which
REM the CreateWinFE.bat file will match and run against.
REM After running this batch file, populate the folders as noted
REM Not all folders need to be populated (if you do not plan on
REM having a 'live-side', then that folder can remain empty). The
REM same goes for any of the other folders.
mkdir %WinFEinputPath%
mkdir %WinFEinputPath%\tools\bootside
mkdir %WinFEinputPath%\tools\liveside
mkdir %WinFEinputPath%\ftkdriver
mkdir %WinFEinputPath%\desktop
mkdir %WinFEinputPath%\bootmgr\en-US
mkdir %WinFEinputPath%\drivers
mkdir %WinFEinputPath%\ISO
echo *** Folders created ***
echo Please read the file directories.txt in the documentation for details on
echo the directory structure required by WinFE.
echo After copying your tools into the input folders, run the "CreateWinFE.bat"
echo file using the shell from WAIK.
pause
=================================
The following batch file, “createwinfe.bat” will create your WinFE ISO.
———————————————————————————–
@echo off
rem Load the settings first so that %CLS% is defined before it is used
call settings
%CLS%
if not exist %WinFEoutputPath% goto start
echo About to delete remnants of a previous build ...
rd /s %WinFEoutputPath%
:start
c:
cd %AIKpath%\tools\petools
call copype.cmd x86 %WinFEoutputPath%
%CLS%
ECHO **************
Echo STEP 1 of 10 MOUNTING THE WINPE IMAGE
ECHO **************
cd %AIKpath%\Tools\x86
imagex /mountrw %WinFEoutputPath%\winpe.wim 1 %WinFEoutputPath%\mount
%PAUSE%
ECHO *************
Echo STEP 2 of 10 DELETING EXCESS FILES (BOOT.WIM, BOOTFIX.BIN)
ECHO *************
REM The next lines deal with the winpe.wim image and bootfix.bin
REM Both are not needed and will be deleted.
del %WinFEoutputPath%\iso\sources\boot.wim
del %WinFEoutputPath%\ISO\boot\bootfix.bin
%PAUSE%
ECHO *************
Echo STEP 3 of 10 INSTALLING PACKAGES 'SCRIPTING' AND 'WMI'
ECHO *************
REM INSTALLING PACKAGES 'SCRIPTING' AND 'WMI'
REM These are needed for accessing bitlocked drives and
REM Volume Shadow Service/Copies
cd %AIKpath%\Tools\PETools\
peimg /install=WinPE-Scripting-Package %WinFEoutputPath%\mount\Windows
peimg /install=WinPE-WMI-Package %WinFEoutputPath%\mount\Windows
::The packages have now been installed (Scripting and WMI).
%PAUSE%
Echo .
ECHO *************
Echo STEP 4 of 10 MODIFYING THE REGISTRY FOR FORENSIC BOOTING
ECHO *************
Echo .
echo *** REGISTRY MODIFICATION- SETTING NOAUTOMOUNT TO "1"
echo *** REGISTRY MODIFICATION-SETTING SANPOLICY TO "3"
echo *** This is modifying the WinFE registry, not your computer registry
REG LOAD HKLM\WinFE %WinFEoutputPath%\mount\Windows\System32\config\SYSTEM
REG ADD HKLM\WinFe\ControlSet001\Services\MountMgr /v NoAutoMount /t REG_DWORD /d 1 /f
REG ADD HKLM\WinFe\ControlSet001\Services\partmgr\Parameters /v SanPolicy /t REG_DWORD /d 3 /f
REG UNLOAD HKLM\WinFE
%PAUSE%
echo .
REM Step 5 can be deleted from this batch file if there is not a
REM customized desktop background and boot screen.
REM However, the lines can remain without issue as no files
REM will be copied if they are not there to copy.
ECHO **************
Echo STEP 5 of 10 CUSTOM DESKTOP BACKGROUND
ECHO **************
echo .
REM The next section copies the desktop background
cd \
mkdir %WinFEoutputPath%\iso\boot\en-US
%PAUSE%
REM The next line only copies a custom desktop screen image, not needed for WinFE to function
ECHO *** COPYING CUSTOMIZED DESKTOP BACKGROUND "winpe.bmp"
%COPYCMD% %WinFEinputPath%\Desktop\winpe.bmp %WinFEoutputPath%\mount\windows\system32\ /E /H /Y
echo .
ECHO **************
Echo STEP 6 of 10 COPYING THE PROGRAMS FOR WINFE
ECHO **************
ECHO COPYING THE FTK IMAGER LITE OLEDLG.DLL FILE TO WINDOWS\SYSTEM32
%COPYCMD% %WinFEinputPath%\FTKdriver\oledlg.dll %WinFEoutputPath%\mount\windows\system32\ /E /H
echo .
Echo *** COPYING FORENSIC APPS FOR THE BOOTABLE SIDE OF WINFE
%COPYCMD% %WinFEinputPath%\tools\BootSide %WinFEoutputPath%\mount\windows\system32\ /E /H /Q
ECHO .
Echo *** COPYING FORENSIC APPS FOR THE LIVE SIDE OF WINFE
%COPYCMD% %WinFEinputPath%\Tools\liveside %WinFEoutputPath%\ISO\WinFE\ /E /H /Q
%PAUSE%
Echo *** ALL PROGRAMS HAVE BEEN COPIED
ECHO .
ECHO **************
Echo STEP 7 of 10 INJECTING DRIVERS
ECHO **************
cd \
cd %AIKpath%\Tools\PETools\
REM Add drivers here with the following syntax.
REM Drivers are not needed for WinFE to run unless you need a specific
REM driver to use.
REM Use the following syntax:
REM peimg.exe /inf=C:\*.INI /image=%WinFEoutputPath%\mount\windows\
REM If you are using the Win7 version of WAIK, the injection command is:
REM Dism /image:%WinFEoutputPath%\mount /Add-Driver /Driver:c:\drivers\driver.inf
Echo *** THIS BUILD DOES NOT INCLUDE ANY DRIVERS!
Echo .
ECHO *** THE ISO BUILD WILL START IN A FEW SECONDS.
ECHO *** THIS IS THE LAST CHANCE TO STOP THE BATCH FILE
ECHO *** TO CHECK YOUR WORK IF NEEDED...
%PAUSE%
%CLS%
ECHO *************
Echo STEP 8 of 10 UNMOUNTING AND COMMITTING CHANGES
Echo Please wait.......
ECHO *************
imagex.exe /unmount /commit %WinFEoutputPath%\mount
REM The winpe.wim file will be moved and renamed for
REM ISO creation
move %WinFEoutputPath%\winpe.wim %WinFEoutputPath%\iso\sources
%PAUSE%
ECHO ************
Echo STEP 9 of 10 RENAMING WINPE.WIM TO BOOT.WIM
ECHO ************
ren %WinFEoutputPath%\iso\sources\winpe.wim boot.wim
%PAUSE%
ECHO **************
Echo STEP 10 of 10 BUILDING THE ISO
Echo Please wait..........
ECHO **************
cd \
c:
cd %AIKpath%\Tools\PETools
oscdimg -n -m -o -b%WinFEoutputPath%\etfsboot.com %WinFEoutputPath%\ISO %WinFEoutputPath%\WinFE.iso
%PAUSE%
%CLS%
Echo *************************************************
Echo Windows Forensic Environment ISO is ready to test
Echo *************************************************
echo REM TEST BEFORE USING > %WinFEoutputPath%\CreateBootableUSB.bat
echo list disk >> %WinFEoutputPath%\CreateBootableUSB.bat
echo clean >> %WinFEoutputPath%\CreateBootableUSB.bat
echo create par primary>> %WinFEoutputPath%\CreateBootableUSB.bat
echo sel par 1>> %WinFEoutputPath%\CreateBootableUSB.bat
echo act>> %WinFEoutputPath%\CreateBootableUSB.bat
echo format fs=fat32>> %WinFEoutputPath%\CreateBootableUSB.bat
echo assign letter=W>> %WinFEoutputPath%\CreateBootableUSB.bat
echo exit>> %WinFEoutputPath%\CreateBootableUSB.bat
echo %COPYCMD% %WinFEoutputPath%\iso\*.* /s /e /f w:\>> %WinFEoutputPath%\CreateBootableUSB.bat
echo You may run %WinFEoutputPath%\CreateBootableUSB if you want to create a bootable USB stick,
echo but please look at the file first ...
rem diskpart
:End
pause
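Step 4 is what keeps WinFE from automounting and writing to evidence disks, so it is worth reading both values back out of the finished boot.wim before the ISO is used. The following is an added example, not one of the original batch files; the file name verifywinfe.bat, the "verify" mount folder, the temporary hive copy and the HKLM\WinFEcheck key name are assumptions made for illustration, and it relies on settings.bat and the imagex location used above.

```batch
@echo off
rem Added example (hypothetical name: verifywinfe.bat), not one of the original scripts.
rem Run it from an elevated WAIK shell after createwinfe.bat has finished.
setlocal
call settings
set HIVE=%TEMP%\WinFE_SYSTEM.hiv
set NAM=missing
set SAN=missing
rem Mount the finished image read-only so the check cannot alter it.
mkdir %WinFEoutputPath%\verify
cd /d %AIKpath%\Tools\x86
imagex /mount %WinFEoutputPath%\iso\sources\boot.wim 1 %WinFEoutputPath%\verify
if errorlevel 1 goto fail
rem REG LOAD needs a writable hive file, so work on a copy of SYSTEM.
copy /y %WinFEoutputPath%\verify\Windows\System32\config\SYSTEM "%HIVE%" >nul
imagex /unmount %WinFEoutputPath%\verify
rd %WinFEoutputPath%\verify
REG LOAD HKLM\WinFEcheck "%HIVE%" >nul
if errorlevel 1 goto fail
rem Read back the two values written in step 4 (third token is the data, e.g. 0x1).
for /f "tokens=3" %%A in ('REG QUERY HKLM\WinFEcheck\ControlSet001\Services\MountMgr /v NoAutoMount 2^>nul ^| find "REG_DWORD"') do set NAM=%%A
for /f "tokens=3" %%A in ('REG QUERY HKLM\WinFEcheck\ControlSet001\Services\partmgr\Parameters /v SanPolicy 2^>nul ^| find "REG_DWORD"') do set SAN=%%A
REG UNLOAD HKLM\WinFEcheck >nul
del /q /a "%HIVE%*" 2>nul
echo NoAutoMount = %NAM% (expected 0x1)
echo SanPolicy   = %SAN% (expected 0x3)
if /i not "%NAM%"=="0x1" goto fail
if /i not "%SAN%"=="0x3" goto fail
echo *** PASS: both forensic registry settings are present in boot.wim
exit /b 0
:fail
echo *** FAIL: do not use this build until the problem above is corrected
exit /b 1
```

A value reported as "missing" means the REG ADD in step 4 did not reach the image, for example because REG LOAD failed in a non-elevated shell.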
=================================
“Echo .” is not a simple newline (at least in recent Windows DOS boxes), which I assume was the purpose. It will actually echo “.” and then a new line. The way to do just a newline is “Echo.” (no space between echo and the period).