A complete forensic OS in my pocket

I was in a meeting for trial prep with no gear on hand.  The only thing with me was a USB flashdrive with WinFE (it’s on my keychain….).    During the meeting, I get an ’emergency request’ asking if I can image a drive, like right now, as in, before it leaves the office.  Opposing council agreed to allow imaging at that very time in a short window of time.

I booted the custodian machine with WinFE and imaged to the USB.  No hardware write blockers, no running back to the lab, no asking someone to meet me with gear.  It was all in my pocket.  Of course, if WinFE didn’t work for some reason, it would not have worked out at all.  But in this case, it was like magic.

 

2 thoughts on “A complete forensic OS in my pocket

  1. This is great and thanks for that request as it caused Brett to do something which worked for him. This is a great move and thank you

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s