Mauritz Botha’s WAIK 3.0 Version

REM Change all WAIK commands with DISM.exe

CLS

ECHO.
ECHO **************
Echo STEP 1 of 10  CREATE WINFE WORKING ENVIRONMENT
ECHO **************
ECHO.

rd /s/q c:\WinFE
c:
cd "c:\program files\windows aik\tools\petools"
call copype.cmd x86 c:\WinFE

ECHO.
ECHO **************
Echo STEP 2 of 10  MOUNTING THE WINPE IMAGE
ECHO **************
ECHO.

cd \
cd c:\Program Files\Windows AIK\Tools\x86
Dism /Mount-Wim /WimFile:C:\winfe\winpe.wim /index:1 /MountDir:C:\winfe\mount

ECHO.
ECHO *************
Echo STEP 3 of 10 DELETING EXCESS FILES (BOOT.WIM, BOOTFIX.BIN)
ECHO *************
ECHO.

REM The next lines deal with the winpe.wim image and bootfix.bin

del C:\winfe\iso\sources\boot.wim
del C:\WinFE\ISO\boot\bootfix.bin

ECHO.
ECHO *************
Echo STEP 4 of 10  INSTALLING PACKAGES 'SCRIPTING' AND 'WMI'
ECHO *************
ECHO.

REM INSTALLING PACKAGES 'SCRIPTING' AND 'WMI'
REM These are needed for accessing BitLocker-protected drives and
REM Volume Shadow Copy Service (VSS) shadow copies

cd \
cd c:\Program Files\Windows AIK\Tools\PETools\
Dism /image:C:\winfe\mount /Add-Package /PackagePath:"C:\Program Files\Windows AIK\Tools\PETools\x86\WinPE_FPs\WinPE-Scripting.cab"
Dism /image:C:\winfe\mount /Add-Package /PackagePath:"C:\Program Files\Windows AIK\Tools\PETools\x86\WinPE_FPs\WinPE-WMI.cab"

::The packages have now been installed (Scripting and WMI).

ECHO.
ECHO *************
Echo STEP 5 of 10  MODIFYING THE REGISTRY FOR FORENSIC BOOTING
ECHO *************
ECHO.
ECHO ***  REGISTRY MODIFICATION - SETTING NOAUTOMOUNT TO "1"
ECHO ***  REGISTRY MODIFICATION - SETTING SANPOLICY TO "3"
ECHO ***  This is modifying the WinFE registry, not your computer registry
ECHO.

REG LOAD HKLM\WinFE C:\WinFE\mount\Windows\System32\config\SYSTEM
REG ADD HKLM\WinFe\ControlSet001\Services\MountMgr /v NoAutoMount /t REG_DWORD /d 1 /f
REG ADD HKLM\WinFe\ControlSet001\Services\partmgr\Parameters /v SanPolicy /t REG_DWORD /d 3 /f
REG UNLOAD HKLM\WinFE

ECHO.
ECHO **************
Echo STEP 6 of 10  CUSTOM DESKTOP BACKGROUND AND BOOT SCREEN
ECHO **************
ECHO.

REM The next section copies two files, one for the desktop background
REM and the other for a custom boot message.  Both are optional.
REM Remember to change the paths to the location of bootmgr.exe.mui and
REM winpe.bmp.  If these two customized files are not needed, these lines
REM can remain as no files will be copied if the paths do not exist.

cd \
mkdir c:\winfe\mount\winfe
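
The step 5 values are what the script relies on for forensic booting, so they are worth confirming before the image is unmounted and committed. The following is an added example, not part of Mauritz Botha's batch file: it reloads the offline SYSTEM hive under a temporary key (HKLM\WinFEcheck, a name chosen for this example) and checks that NoAutoMount is 1 and SanPolicy is 3, assuming the image is still mounted at C:\WinFE\mount and the prompt is elevated.

```batch
@echo off
setlocal
REM Added example: verify the step 5 values in the offline WinFE SYSTEM hive.
REM Assumes the image is still mounted at C:\WinFE\mount (path used by the script).
REM HKLM\WinFEcheck is a temporary key name chosen for this example.
set "HIVE=C:\WinFE\mount\Windows\System32\config\SYSTEM"
set "KEY=HKLM\WinFEcheck"
set FAIL=0

if not exist "%HIVE%" (
    echo ERROR: %HIVE% not found - is the image mounted?
    exit /b 2
)

reg load %KEY% "%HIVE%" >nul || (
    echo ERROR: could not load the hive - run from an elevated prompt
    exit /b 2
)

call :check %KEY%\ControlSet001\Services\MountMgr NoAutoMount 0x1
call :check %KEY%\ControlSet001\Services\partmgr\Parameters SanPolicy 0x3

REM Always unload, otherwise the hive stays locked and DISM cannot unmount.
reg unload %KEY% >nul
if %FAIL%==0 (echo PASS: both values are set) else (echo FAIL: do not use this image)
exit /b %FAIL%

:check
REM %1 = key path, %2 = value name, %3 = expected data as REG QUERY prints it
set "ACTUAL=missing"
for /f "tokens=1-3" %%a in ('reg query %1 /v %2 2^>nul') do (
    if /i "%%a"=="%2" set "ACTUAL=%%c"
)
if /i "%ACTUAL%"=="%3" (
    echo OK   %2 = %ACTUAL%
) else (
    echo BAD  %2 = %ACTUAL%, expected %3
    set FAIL=1
)
exit /b 0
```

The script exits with 0 when both values match, 1 when either is wrong or missing, and 2 when the hive could not be read at all.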

4 Responses to Mauritz Botha’s WAIK 3.0 Version

  1. Dexter says:

    So has anyone tested this? I’m not too sure if I should use this batch file to make a winfe disk… Thanks guys!

  2. WinFE says:

    What’s wrong with the batch file? Let me know and I’ll correct it. The batch files are templates for what you can modify to your own needs, either adding drivers/software, or other things that are specific to a WinFE ISO.

    As for testing, I’d not use anything in forensics without testing, whether it be a batch file or forensic program.

  3. Dexter says:

    alright thanks bro, just wasn’t too sure if i was using it right…

  4. WinFE says:

    The commands are also different depending on the version of WAIK you use (DISM vs PEIMG as an example).
