...are a little late coming out due to an emergency...but will be published soon. sorry for the delay.
This is the same as version 3.5.12.k except adds the function to create a CETS manifest XML needed for those using CETS.
Arnold will post information for CETS users regarding changes needed to properly use the X-Tension.
C4All X-Tension CETS compatible version 3.5.13.a
For use with CETS:
1. This will provide a generic "CETS Media Manifest.xml" file
2. This generic file will not include the digital signature InvestigationID, ManifestID, or CategorizationID. However, the CategorizationID can be added manually.
3. With the CETS Media Uploader you can "re-sign" the manifest file if you use "adminmode" of the CETS Media Uploader.
To enter into Admin Mode:
1. Right Click on "CETSMediaUploader.exe"
2. Select: Sent To, Desktop (create shortcut)
3. Locate the shortcut on your desktop
4. Right Click on the shortcut and select : Properties
5. In the Target Field append to the end of the line(after the closing "): -adminmode
6. Double click the edited Short Cut
When you launch the CETS Media Uploader in Admin Mode you will a new button to "Sign Manifest" file.
Clicking on the button will bring up a dialogue window to manually select a user and the related investigation.
Keep in mind, that you must manually cut and paste your Categorization settings into the XML file.
Canadian Police Centre for
Missing and Exploited Children.
Neat to see WinFE being taught everywhere, as in, everywhere by many. Wish I could have been there for this presentation (mostly because I'd have to be in Australia to see it...).
"The team will debut a new course topic in Dallas: Introduction to Windows Forensic Environment (WinFE). In this lab and lecture, investigators will learn how to create a bootable forensic environment on a thumb drive. Using this thumb drive, investigators can then conduct previews of suspect computers in the field, looking for information that indicates whether the computer contains potential evidence in a case. The ability to conduct on-scene triage such as this is very important to investigators, as it gives immediate information about suspects and their devices."
The WinFE online course will be updated sooner with a few neat things that are coming up with WinFE. Until then, there have been over 2,000 registrations for the course and more every day.
I'm impressed that there are so many users interested in using WinFE, but then again, not really. It's still a really neat tool to have in your toolbox alongside the Linux forensics boot OSs. If you haven't taken a look at WinFE, give it a try. This course will remain online, free, and updated when there are updates to make.
I am checking out WTE and so far, WTE represents a great enhancement on making WinFE more user friendly in appearance and use. I'll post my thoughts on WTE sometime in the future after I really take a look at WTE in more detail.
Speaking of online courses, if you regularly "google" people for investigations, backgrounds, pre-employment checks, internal investigations, or need to find someone as a witness (or suspect, or victim), take a look at my Advanced Internet Investigations Course with Google Hacks. If you register with this link (or this code: winfe50), you get 50% tuition. The half off discount is for the first 50 people, then regular price of $195. The course is a tad over 4.5 hours and covers enough information where you can practically find anyone online, and in the physical world. Google operators, syntax, and hacks are covered including automated searching utilities (free software!).
[caption id="attachment_1262" align="alignleft" width="700"] Half price for the first 50 WinFE blog readers.