For those that have been using WinFE and wanting to know about recent updates, I have only a little news to mention. WinFE is still just as good today as when Troy Larson first created it, so not much in the update area there. WinFE still boots the same computer systems and you can do the same forensic work as before, not much has changed since then. DiskPart is still the primary (only) method to toggle drives on/offline, which isn’t difficult to do. Still command line, but easy commands to use.
WinFE Batch File Building Method
And building WinFE is the same as before, no changes there either. If you use the batch file method, you can write your own or you can download pre-made batch files using the Box.net widget on this site to the right. Several to choose and modify to suit your preferences.
The location of the batch files on this blog looks like the below screenshot, so if you don’t see it, you may need to have Java enabled in your browser.
WinFE WinBuilder Building Method
If you are using WinBuilder (www.reboot.pro), there have been a continual update of the WinFE scripts by RoyM. The reboot.pro site is also the best place for forum support directly with the script writers if you have problems building your WinFE. RoyM (and others) has taken a great lead in the WinFE WinBuilder development. My hat is off to all the contributors.
Other Forensic Boot Systems
The “other” forensic boot systems have had a few updates, some major. I would highly recommend checking out Raptor, CAINE, and DEFT! A major difference between WinFE and several of the Linux forensic boot systems is that many of the Linux systems are pre-made forensic OS’s, with freeware/open source tools already installed. WinFE requires you to add the apps you want to use, which may be freeware, open source, or commercial. A more complete forensic G0-Bag Kit has all of them….just in case….